Re: [orca-list] Upgrading pkexec to run X11 Orca-accessible applications as root.

[Bill Cox <waywardgeek gmail com>]

On Sun, Sep 12, 2010 at 6:43 PM, Luke Yelavich
<luke yelavich canonical com> wrote:
> From what I remember reading in a bug on GNOME bugzilla, gksu lacks a mainloop which is a contributor to 
> the issues that we have with accessibility.
>
> There is also gksu-polkit, which at a glance, does the same thing, using policykit, and is already in 
> Ubuntu universe, and likely Debian as well. My vote is that we should try gksu-polkit and see whether 
> things are better or worse, using it as a gksu replacement.
>
> Luke

Hi, Luke.  I tried out gksu-polkit.  First, it doesn't ask for a
password using a GTK dialog box, and instead seems to want it on the
command line, making it more similar to sudo.  Maybe that's because I
ran it from a gnome-terminal, but there's no .  It's also somewhat
unstable.  For example, using it to run 'ls' crashes with this
message:

bill> gksu-polkit ls

GLib-ERROR **: /build/buildd/glib2.0-2.24.1/glib/gmem.c:176: failed to
allocate 140737488355328 bytes
aborting...
Aborted

In another test, gksu-polkit hung, taking up 100% CPU cycles.  If this
code links to libgksu, my vote would be to abandon it.  The pkexec
code is only 819 lines of code, and was simple for me to understand
and trivial to modify with, IMO, fairly low risk of introducing a
major security hole.  It also has a very cool dialog box.  Reading the
policykit code leaves me with a reasonably comfortable sense of
security, while reading the gksu code makes me want to set my computer
on fire.  Anyway, that's just my not-very-informed opinion based on
some time in both programs using gdb.

In any case, I can significantly upgrade our hack in Vinux by
switching to my slightly modified pkexec.  Would that be worth
testing?

Thanks,
Bill