Re: External dependencies, DeviceKit-power and GNOME Power Manager

[David Zeuthen <david fubar dk>]

On Tue, 2008-11-25 at 17:41 +0100, Josselin Mouette wrote:
> However I wouldn’t like if ConsoleKit became mandatory for some uses,
> because its security model reproduces some of the mistakes of
> pam_console. Currently we still replace at_console policies by specific
> group memberships. If this stops being possible we’d certainly have a
> problem with that.

You are of course very free to do whatever you want with your operating
system but a couple of points here

 - ConsoleKit has nothing to do with assigning device permissions; dunno
   know from where you got that idea. However, ConsoleKit as a mechanism
   is typically used to dynamically manage ACL's on device nodes.

   FYI, device permissions is (currently) managed by HAL and on purpose
   (to suit Debian) it's an optional, not mandatory, feature. It's still
   an open question what component will replace it in a non-HAL world.

 - FWIW, mediating device access through group membership is
   considered broken by most people that care about security [1].
   AFAIK, Ubuntu is moving away from it too.

   (That is not to say, UNIX groups are useless for managing device
    permissions; for example it's useful to have a 'video' UNIX group
    and put, say, Fluendo video server system user in that group. But
    IMHO, it's a mistake to do that for regular users since such
    privileges are very hard to revoke.)

Again, you are free to do whatever you want in your OS. No one forces
you to use dynamic ACL's and if something in the future does that, then
I agree that it's problematic for something like GNOME to depend on.

Please avoid spreading misinformation. Thanks.

    David

[1] : Once member of a group, always member of a group.. copy /bin/bash
to $HOME; chown to group, set the setgid bit... OWNED!