From: Steve Wills
To: Kurt Jaeger
Cc: Pau Amma, freebsd-ports@freebsd.org
Date: Mon, 18 Jan 2021 19:38:42 -0500
Subject: Re: Removing sysutils/polkit dependency from sysutils/libudisks?

Hi,

On 1/17/21 3:17 AM, Kurt Jaeger wrote:
> Hi!
>
> Can you tell us the reason behind this opinion ? Is it generally
> buggy, does polkit violate some general design policy for apps etc ?

* There's one part of polkit, pkexec, which is suid and linked to some
  libs that really aren't designed to be used in suid binaries.
* It uses spidermonkey to parse javascript policies, but apparently
  doesn't use it correctly[1]. It has a number of open issues[2] which
  have been open a while, but aren't addressed.
* The project doesn't look terribly active.
* Merge requests which look ready to commit aren't merged[3].
* The default policy gives everyone in wheel root access.

So, to me, the features it provides don't seem worth it.

I have removed it from my local system with some local patches and it
seems to work fine. I haven't missed it at all.

Anyway, just my $0.02.

Cheers,
Steve

1: https://gitlab.freedesktop.org/polkit/polkit/-/issues/97
2: https://gitlab.freedesktop.org/polkit/polkit/-/issues
3: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests
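
Added example, not part of the message above: a small audit for the concern raised in the first bullet. It lists setuid executables under a directory together with how many shared libraries each one pulls in. The function names and the default threshold of 5 are illustrative assumptions, not anything from polkit or the ports tree.

```sh
#!/bin/sh
# Added example: every shared library a setuid program links against runs
# with elevated privileges, so a long dependency list on a setuid binary is
# worth reviewing.
#
# Usage: sh audit_setuid.sh /usr/local/bin 5

# lib_count FILE -> prints the number of shared libraries ldd resolves.
# Prints 0 for static binaries, scripts, or when ldd is unavailable.
# Note: on some systems ldd may execute code from the inspected file, so run
# this only against binaries installed from a trusted source.
lib_count() {
    ldd "$1" 2>/dev/null | grep -c '=>' || true
}

# audit_setuid DIR [MAX] -> one line per setuid file: path<TAB>libs<TAB>flag
# flag is REVIEW when the library count exceeds MAX (assumed default 5).
audit_setuid() {
    dir=$1
    max=${2:-5}
    find "$dir" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        n=$(lib_count "$f")
        if [ "$n" -gt "$max" ]; then
            flag=REVIEW
        else
            flag=ok
        fi
        printf '%s\t%s\t%s\n' "$f" "$n" "$flag"
    done
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
fi
```

Lines flagged REVIEW are candidates for a closer look with `ldd` by hand.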