Create Sudoers policy for preference App #175
Comments
|
Why do you think we need to change anything? We have not needed that so far. Whenever the user wants to do something that needs root rights, then sudo will ask the user for the password. |
|
In fact i dont think , we have to fine tune sudoers, i'm sure about it. Then why ? Because that is require as Security Policy, the defaut Sudo Policy are far away to can make the job. (Especially without apply Button on the App). Each time i do my best for give a True responce, but here i have impresion of a joke ... Are you kicking me or something like that ? My english is a bit limited for joke ... Sorry i totally not folow you ... Then not use Polkit and not use Sudoers ? and nothing more ? I not want to be rude, i really not understand you point ... |
|
One way would be to run the whole GUI application as root, like A better was way is to have small helper scripts (command line tools) that get called by the main GUI application when needed to do the actual work. Those can be invoked with sudo. The advantage is that the main GUI application will not need root rights this way. It't the cleaner way.
I think that just sudo, without sudoers changes, should be enough to do the job. Maybe I am overlooking something? |
at frist yes we need something like a pipe line Bus, in charge to abstract permission for the Application. root and a user escalation permission are nto similar ... Root is totally alowed to escape a SHELL an keep root permission, but that is totaly not the case for a user .. The user have to ask for pernission escalation , and the sudoers policy framework is in charge to remove them ... (or not) I personally not thinking about Sudo Teaam are so stupid to developp and maintaim a complet security policy system for nothing ... i'll simply wait for someone it show me the way. ... without Polikt and without Sudoers i dont know how to ... About sudoe -E sudo -E is more as a bad practice that a security hole for hellosystem users. It have no technical raison to use it. I hope that exchange can help, or that will stop my work arround Preference App because i have no more way to make it work .... |
|
Just for keeo trace: IT have no need of LDAP, sudo can work like that out of the box |
|
Let's keep in mind that helloSystem is about doing things in the most simple way possible. |
|
For keep it simple we should follow Sudo best practice.. The actual aproch is simple yes, but expose the system and users to security holes. Actually i not understand how go a head. it have no security policy system, no way to have one, That is not because i dont want, that because i cant without "working security design". That issue cant be fixed, and will inform users about a huge security holes and the lake of maturity require to fixe it type of security trouble. Each time the choice should be The best for the helloSytem users. i make a summary of what i understand :
Dont need to be cross about me, Orignally i just work for make thing better, i havnt imagine that situation... |
|
Using |
|
You question have no sense to me, that is write and explain on all documentation link i have provide. Sudo is more a permission escalation and root is consider as UID=0. (i dont understand after all i explain why continue to confuse it) We speak about execute a child process over setuid. < ------- THE TROUBLE IS HERE i can give you a exemple:
normally it work only if you force -E and you should never as say on every sudo documentation. I recommand you to read the manual. The actual approch is totaly worng. It dont exist any documenation it explain about put sudo inside the application . < ------- THAT APPROCHE IS INSECURE When i'll finish Date and Time.app i totaly not make anything arround sudo. Without a True Sudo policy Date and Time.app will be the last application it require previllege escalation i'll touch. I repeat not because i dont want.. That because i can't. Regards |
|
By know how work Sudo , that easy to understand, the application have to be start as child process for get privilege escalation over setuid. Actually helloSystem application include call of sudo inside application code, that approche i worng and insecure... then helloSystem application is design like that, and every documentation on the world recommend to not do thing like that. |
|
I am trying to keep everything simple and maintainable, but of course it should not be insecure by design. Can you describe which changes would be needed in the system, outside of your applications (e.g., in Thank you. |
|
Phooo you can't imagine how you are right. Simple yes but not insecure by design i like a lot what you saying. Trust me i'll do me best to help you in that direction. It have different approch:
From my point: then my exemple focus in Date and Time.app: add it line: inside the starting script of the application: What it doing: That is just a example, in fact Policies can be think globally, like a separte project, Here i focus on Date and Time.app, it certainlly not should get the north. |
|
We can add security be specify full path of files it will be modify by the application. But that is a other story, we should found a valid simple way first then add complexity in a second step if need/require. |
|
We need to keep in mind that |
|
haaaaaaaaaa. haaaaaaaaaaaa. haaaaaaaaaaaaaaaaaa. I understand that requirement. But it look like Sudo policies should care about that. Then the sudoers COMMAND options usage should be limited, and that a big part of the sudo Framework. As you have identify the exemple i have provide work with a path in hard... It let use only USER and GROUP , HOST approch, and exit COMMAND due to static path. I´ll make a proof of concpet (unfortunally on GMU/Linux) and back with something it cover they user case:
Normaly that is possible, if not i'll back to you and explain the border line limitation. If Polkit is not a option Sudo limitation should be accepted for the moment ... |
|
helloSystem is made because we want a system that works more like a Mac. Being able to move around applications in the filesystem is central to that idea. I use this every day. For example, when I have multiple versions of an application. |
|
I got it, but understand me, it havent been done by Apple arround Sudo, but arround something like Polkit. Push the limit is my daily job .... it will be hard, but not impossible. In any case we can open a issue on Sudo git project and ask if it exist any feature for that. |
|
Isn't the whole |
|
Traditionally under UNIX that is group name wheel, the better is the group. Then if user utiliy have a Admin checkbox it should mean add user on the right group |
|
Yes. I am fine if only members of the wheel group can make changes, and need to enter their password. |
Sudoers is not the best policy system but that is the default helloSystem one, And actually the only one.
We should start a fine tuning of sudoers policy.
It have two big part:
1)
The system default config -> Ultra important section if allow or not certain VAR to be maintain by parent and child during a sudo
Take a look on the /usr/local/etc/sudoers.conf file, That is the original configuration file. Every option have a commentary and a explanation.
Aat the end of it file the directory /usr/local/etv/sudoers.d/ is loaded for get policies.
The system policy require less work, but we have ton consider each of our Application and creat a policy for each one.
Policies can be really power full, we can decide if a password is require , if the user is a Admin etc etc ....
I dont know really by where start:
PS: I dont know when and dont know how but we'll change the world ...
The text was updated successfully, but these errors were encountered: