<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov <span dir="ltr">&lt;<a href="mailto:alp@rsu.ru" target="_blank">alp@rsu.ru</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Please review: <a href="https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec" rel="noreferrer" target="_blank">https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec</a><br>
<br>
Issues: <a href="https://www.illumos.org/issues/6728" rel="noreferrer" target="_blank">https://www.illumos.org/issues/6728</a><br>
        <a href="https://www.illumos.org/issues/5633" rel="noreferrer" target="_blank">https://www.illumos.org/issues/5633</a><br>
<br>
<br>
The issue is that glib incorrectly detects pfexec usage as a setuid program (even when pfexec doesn't change euid). So, it refuses to launch dbus - <a href="https://github.com/GNOME/glib/blob/master/gio/gdbusaddress.c#L1060" rel="noreferrer" target="_blank">https://github.com/GNOME/glib/blob/master/gio/gdbusaddress.c#L1060</a><br>
<br>
We heal it by falling back to euid/uid comparison. We also use pfexec to launch brasero and sound-juicer.<br>
After <a href="https://github.com/OpenIndiana/oi-userland/commit/9f0f786ce02ff7a120952fa34888cdcca5b8469d" rel="noreferrer" target="_blank">https://github.com/OpenIndiana/oi-userland/commit/9f0f786ce02ff7a120952fa34888cdcca5b8469d</a> <br>
the console user (Console User) should have the "Desktop Removable Media User" profile and have sys_devices privileges, necessary for brasero and sound juicer (which uses brasero libraries) to work with CD devices.<br>
<br>
I'm a bit concerned about unexpected security issues which it could cause..</blockquote><div><br></div><div>The problem I see with using pfexec is that bad things happen if the user<br></div><div>has some other profiles or privileges, so you end up giving those programs<br></div><div>rights they don't need. For example, if the user is Primary Administrator<br></div><div>then pfexec usually equates to "run as root", which probably isn't what you<br></div><div>intend. Generally, using pfexec assumes that the program being run is<br></div><div>privilege aware (so it can drop any unexpected privileges).<br></div></div><br>-- <br><div class="gmail_signature">-Peter Tribble<br><a href="http://www.petertribble.co.uk/" target="_blank">http://www.petertribble.co.uk/</a> - <a href="http://ptribble.blogspot.com/" target="_blank">http://ptribble.blogspot.com/</a></div>
</div></div>