Announcement

Collapse
No announcement yet.

Am I the only one that thinks policykit is retarded?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by oiaohm View Post
    https://scarygliders.net/2013/03/26/...v1-0-released/
    You have overlooked something. Those who write policykit/polkit include the stuff you need for a GUI.

    Some distributions do provide this GUI for altering polkit configuration.



    Remember design of distribution security policy is between application developers and distributions. Also remember distributions do at times provide their own configuration tools. Yes some distributions are way simpler for users to configure polkit as the new name.

    There is only so far making a framework you should go. After that its then down to distributions and applications like kde and gnome to take over for a integrated experience.
    You keep saying the same points, as if those points are somehow good things, but they aren't. Just look at the actual results, polkit is not simple, it doesn't have a sane default config, they leave configuration to end users, and at least some distributions don't implement policies of their own. The points you keep making all sound so retarded to me. None of the points you keep making actually make sense. None.

    EDIT: If you simply install a Plasma or Gnome desktop then the experience you get is a constant prompt for root password. That is -NOT- an integrated experience, it's not safe and it's not sane. In -NO- possible way is it a good thing.
    Last edited by duby229; 09 May 2019, 09:12 AM.

    Comment


    • #22
      Originally posted by duby229 View Post
      You keep saying the same points, as if those points are somehow good things, but they aren't. Just look at the actual results, polkit is not simple, it doesn't have a sane default config, they leave configuration to end users, and at least some distributions don't implement policies of their own. The points you keep making all sound so retarded to me. None of the points you keep making actually make sense. None.
      But it was not left totally to the end users at all. Application developers and distributions are responsible for how the default configuration of polkit is.

      There is no point having rules for applications that are not installed. polkit has a zero default rules for good security reasons. polkit installed with other applications installed using polkit there is no need to have any rules. If you have rules installed for applications that are not installed these could become security issues.

      Originally posted by duby229 View Post
      EDIT: If you simply install a Plasma or Gnome desktop then the experience you get is a constant prompt for root password. That is -NOT- an integrated experience, it's not safe and it's not sane. In -NO- possible way is it a good thing.
      Please note I said polkit leaves the defaults to application developers and distributions maintainers.

      Code:
      polkit.addRule(function(action, subject) {
          if ((action.id == "org.freedesktop.Flatpak.app-install" ||
               action.id == "org.freedesktop.Flatpak.runtime-install"||
               action.id == "org.freedesktop.Flatpak.app-uninstall" ||
               action.id == "org.freedesktop.Flatpak.runtime-uninstall" ||
               action.id == "org.freedesktop.Flatpak.modify-repo") &&
              subject.active == true && subject.local == true &&
              subject.isInGroup("sudo")) {
                  return polkit.Result.YES;
          }
      
          return polkit.Result.NOT_HANDLED;
      });
      If you have used flatpak todo a system wide install you will notice no password request as long as you are a sudo group user what your normal default user is. This is because of polkit.

      This flatpak action is because of the default policy that flatpak installs so not distribution maintainer work. There are many applications that install policies using polkit todo stuff that you never see a password dialog.

      Of course there are other applications with horrible polices or simple just use pkexec and don't include any rules.

      So make all those extra prompts for root password go away don't need a default polkit policy. You just need applications to update their polkit rules or distribution maintainer to custom patch the application polkit rules.

      The problem here duby229 every time polkit works perfectly you don't even notice it. No dialogue everything just works. Only time you notice it is when polkit rules say polkit need to ask you for a password because you user by rules does not have the authority to perform the action or no rule at all was created so polkit has no instructions so has to ask.

      Basically you are blaming polkit. Application rules file it added to polkit is saying you don't have right to perform X action this triggers the password dialog or simply no rule results in being asked.

      There are other applications like flatpak here that use polkit in ways that for most users don't raise a dialog at all you click do do action it just happens.

      Yes polkit was design on the theory that you could use your desktop and never see a dialogue if it configured to be that way. Only reason polkit is displaying password dialog is that application developer/distribution maintainers polkit rule file is telling it to.

      Basically when polkit rule files perfect your desktop experience is basically authentication dialogue free.

      Comment


      • #23
        Originally posted by debianxfce View Post
        Of course we blame IBM software like you blame the gnome3 C implementation. Typical IBM software is buggy, slow, difficult use, hide things and makes you believe you are safe. Starting the polkit daemon is disabled in my Xfce software development/gaming/multimedia computer.
        I am getting it now. Debianxfce thinks I am linked to IBM/Redhat. Bad news. Polkit is not a IBM product. It was not a IBM/Redhat developer who decide to make the gnome shell javascript. Yes IBM/Redhat developers who argued against that change then in fact delayed they change from gnome2 to gnome3.

        History is a bitch with your arguments debianxfce because you are clueless on it.

        Having polkit disabled means you need to use items like gksu to perform tasks so you have to enter root password more times.

        EDIT: If you simply install a Plasma or Gnome desktop then the experience you get is a constant prompt for root password. That is -NOT- an integrated experience, it's not safe and it's not sane. In -NO- possible way is it a good thing.

        duby229 does not want your broken crap ideas debianxfce. Please give up trying to annoy me with incorrectly blaming things on IBM/Redhat or any other company and attempt to provide answers to the person who started this thread that technically can do what they are requesting.

        If distributions or application providers fix the polkit rules the out the box experience will be exactly what duby229 wants. Its not like polkit has any issues in it code base causing the problems.

        Polkit with correctly configured rules is meant to stop constant prompt for root password. There are many examples where polkit is perfectly successful.

        Originally posted by debianxfce View Post
        Using Clamtk is the only virus protection and internet says it is not the best virus scanner.
        No question about that if you only use the free software version.
        Sanesecurity ClamAV signatures improve ClamAV detection rate on Macro Malware, zero-day malware, zero-hour malware, Phishing, and Spam on your servers.


        Clamtk + sanesecurity signatures is scary effective. But that is not the end of the signature sets you can add.

        Basically your arguments are still clueless debianxfce worse not suitable answers to what duby229 wants. When you can be on topic post again.
        Last edited by oiaohm; 10 May 2019, 01:12 AM.

        Comment


        • #24
          Originally posted by debianxfce View Post
          Check from internet before you write nonsense. https://en.wikipedia.org/wiki/Polkit
          "
          It is developed and maintained by David Zeuthen from Red Hat

          You check correctly next time. David Zeuthen was at Redhat now is at Google. Not all Redhat developers or Redhat Project have in fact moved over to IBM. David Zauthen is one of those who jumped ship.

          Yes David Zeuthen moved in 2013 and Wikipedia 5 years latter still has not caught up.

          Polkit is a Redhat/Google product. No direct IBM developers in mix. IBM acquirement of Redhat is not final yet. USA regulators could kill the deal for up to 12 months after the announcement. Yes the stupidity of USA regulations.


          If you had read this you would have found something very interesting. Highest access member Miloslav Trmac. Interesting point he is freelance never has worked for IBM. Has worked for Google and Redhat and few other companies on short term freelance contracts. Redhat being acquired by IBM there could be some very interesting things happening in polkit once the deal is truly final.

          Originally posted by debianxfce View Post
          The point is that when a virus have the root access, polkit is useless.
          The key word is "when" because the virus has to get to root access by some way right. . polkit is to reduce how many times you enter you root password so reducing the possibility of password capture to get root access that way.

          Polkit is not exactly useless its just makes up many pieces. Of course the fact polkit rules are not being setup well is not helping the problem..

          Originally posted by debianxfce View Post
          If you pay for a virus protection, then you are as stupid as windows desktop users. Free windows virus scanners are better than clamav.
          And don't have signatures for Linux viruses worth anything.

          Comment


          • #25
            Originally posted by debianxfce View Post

            The Department of Justice has approved IBM's acquisition of Red Hat. Since IDC thinks Red Hat Enterprise Linux alone is expected to contribute to more than $10 trillion worth of global business revenues in 2019, IBM's $34 billion acquisition of Red Hat is looking better than ever.


            "
            The Department of Justice has approved IBM's acquisition of Red Hat.
            "

            So we cay say that all redhat software is IBM software.
            USA law the ass. IBM is not going to make any major changes until 12 months from the date of Department of Justice approval has passed. Public is allowed to dispute the Department of Justices approval on anti competition and other grounds for 12 months. Basically the Department of Justices can give their approval and take it back 12 months latter if you have merged your companies a lot in that time can cannot reverse merge stiff. Yes in these cases the Department of Justice is a true define of a Indian giver.

            As zdnet said it moved forwards not finalised. Finalised is 12 months after and that when staff could be getting fired by IBM and we will see what projects are ending up under IBM management and what will be going to other companies.

            So at this stage Redhat projects are still Redhat with the possibility of coming under IBM. Please remember that is only a possibility it will depend what staff IBM gets rid off or quits when the deal is finalised.

            Originally posted by debianxfce View Post
            A virus can change the polkit rule file with root access. So polkit does not reduce nothing, only adds system resource usage and work to the user.
            Again virus has to have root access todo that. If you running as recommend as a unprivileged user with polkit kit rules directly basic actions you need so you are not entering root password this does mean virus cannot go for X11 input capture to get password to raise privilege to root..

            Lot of viruses on Linux once they are past a particular age their exploit to root does not work. So it will have to get to root by user granting it or stealing password.

            duby229 is talking about running as a privilege user all the time. So drop the virus point its off topic for what duby229 is talking about. Since your virus example is invalid for duby229 case you using it as example why polkit is flawed is also invalid. Please get back on topic debianxfce.

            Comment


            • #26
              Originally posted by debianxfce View Post
              Sudo access is enough and a virus can capture the user password when using the sudo dmesg command. Many distributions force you to use sudo with dmesg
              True but funny fact pkexec is designed to deprecate sudo. gksu and other graphical sudo solutions have already been deprecated and are disappearing.

              In fact you are not forced to use sudo dmesg. pkexec dmesg will work. On wayland polkit agents for authentication is not sniff-able..

              Yes with pkexec rule you could be using dmesg as your user without typing in a password. Yes if you are typing in password once we get to wayland desktop the password entry will be as secure as it can be with the polkit route.

              Comment


              • #27
                Originally posted by debianxfce View Post
                True but funny fact, many people will newer use pkexec or run the polkit daemon. So polkit is typical IBM bloatware as the OP wrote. Sudo is not disappearing.
                As I pointed out Polkit may not end up a true IBM project yet. Redhat at this stage is still the correct thing to call it. Really think about it if the developers of Polkit don't remain when Redhat acquirement by IBM finalised you have been saying the wrong thing.

                There are already a few distributions that don't have sudo or su. It pkexec or nothing on those distributions.

                Reality here people will keep on using the legacy until it disappears.

                Also the differences in security between sudo and pkexec is not that great when you are using X11 solutions instead of wayland ones. So change pressure will increase.

                Comment


                • #28
                  Originally posted by debianxfce View Post
                  Sudo and X are not disappearing and there is pressure to make wayland solutions to work as good as X and that will never happen.
                  Thinking all new features will be developed first on the Wayland side and possible never come to x.org server at all. So like it or not Wayland already in particular cases works better than X11 and there are going be more examples of that.

                  10 years of development of wayland yet in that first 10 years were was the full formal test-suite. There are signature events that you see when a protocol is about to come commonly used 1 to 2 years before common usage is normally the full test-suite appearing. So 2020 and 2021 is the most likely date for wayland in major way.

                  Sudo the graphical front end to it will be disappeared from all new distributions. Sudo on the command line is marked to follow suite like it or not.

                  debianxfce just wants to put his head in the sand and pretend the changes are not happening.

                  Comment


                  • #29
                    Originally posted by debianxfce View Post

                    Sudo and X are not disappearing and there is pressure to make wayland solutions to work as good as X and that will never happen. 10 years of wayland development and no end to see. IBM-microsoft partnership prevents the Linux desktop success and they use gnome3, pulseaudio,networkmanager, policykit, systemd, wayland and kernel bugs for that.
                    Red Hat partners with Microsoft to deliver integrated solutions and your choice of hybrid cloud deployments on Microsoft Azure.
                    Why is Microsoft putting the Linux kernel itself in a hyperviser for WSL 2.0 if they hate it so much? Why do they offer several Linux distributions, including their own custom one in Azure? Why did they port and create Linux packages for .NET, their biggest development platform? Why do they have a giant banner that says "Microsoft Heart Linux" in every single BUILD event? Is this their plan to kill it? I guess it's some sort of reverse psychology. Quite cunning.

                    Comment


                    • #30
                      Originally posted by debianxfce View Post

                      This all is for preventing the Linux desktop success. IBM/MS/Intel conspiracy do not like wine-staging and dxvk, the reason for WSL. Azure is for servers and MS wants to keep Linux there.
                      Glad we agree there, brother! I actually found several bugs in their PowerShell port for Linux, I can already smell their evil, useless tools infesting my previous custom-compiled Debian distribution. Soon people will start using PowerShell instead of Xfce, the world is going mad.

                      Comment

                      Working...
                      X