[oi-dev] glib changes review

Peter Tribble peter.tribble at gmail.com
Fri Mar 11 12:18:17 UTC 2016

On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov <alp at rsu.ru> wrote:

> Please, review:
> https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
> Issues: https://www.illumos.org/issues/6728
>         https://www.illumos.org/issues/5633
> The issue is that glib incorrectly detects pfexec usage as setuid program
> (even when pfexec doesn't change euid). So, it refuses to launch dbus -
> https://github.com/GNOME/glib/blob/master/gio/gdbusaddress.c#L1060
> We heal it by falling back to euid/uid comparison. We also use pfexec to
> launch brasero and sound-juicer.
> After
> https://github.com/OpenIndiana/oi-userland/commit/9f0f786ce02ff7a120952fa34888cdcca5b8469d
> console user (Console User) should have "Desktop Removable Media User"
> profile and have sys_devices privileges, necessary for brasero and sound
> juicer (which uses brasero libraries) to work with CD devices.
> I'm a bit concerned about unexpected security issues which it could cause..

The problem I see with using pfexec is that bad things happen if the user
has some other profiles or privileges, so you end up giving those programs
rights they don't need. For example, if the user is Primary Administrator
then pfexec usually equates to "run as root", which probably isn't what you
intend. Generally, using pfexec assumes that the program being run is
privilege aware (so it can drop any unexpected privileges).

-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20160311/93751930/attachment-0005.html>

More information about the oi-dev mailing list