FS#50459 - [packagekit] Root privileges to upgrade the system and to install software by default.
Attached to Project:
Community Packages
Opened by Éter (AqaIb) - Saturday, 20 August 2016, 17:02 GMT
Last edited by Jelle van der Waa (jelly) - Thursday, 28 September 2023, 16:21 GMT
Details
Description:
Using packagekit through discover and gnome-software, I have the ability to install software from the repositories and to upgrade the system without entering the admin password. This behaviour comes by default from upstream.

To be able to upgrade the system, you don't need any more than a normal user. It is coded in the following file:

"/usr/share/polkit-1/actions/org.freedesktop.packagekit.policy"

    <action id="org.freedesktop.packagekit.system-update">
    <!-- SECURITY:
         - Normal users do not require admin authentication to update the
           system as the packages will be signed, and the action is required
           to update the system when unattended.
         - Changing this to anything other than 'yes' will break unattended
           updates.
    -->

To be able to install software from the repositories without the admin password, the user must be in the "wheel" group. It is coded in the following file:

"/usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules"

    polkit.addRule(function(action, subject) {
        if (action.id == "org.freedesktop.packagekit.package-install" &&
            subject.active == true && subject.local == true &&
            subject.isInGroup("wheel")) {
            return polkit.Result.YES;
        }
    });

Although upstream thinks that these two options are not security issues, I think that upstream thinks more in terms of ease of use than in terms of security, but that is only my opinion and I am not qualified enough to emit a verdict.

I report this because I think that these two options should ask for the admin password by default, giving the option for not asking it only as optional for users/distros that prefer less secure but easier methods.

Sincerely, Aqa-Ib.

Additional info:
* package version(s): 1.1.3-1

Steps to reproduce:

For upgrading without password:
1. Install discover or gnome-software
2. Upgrade the system using discover or gnome software.

For installing software from the repositories without password:
A. Put your normal user in the wheel group.
B. Install any software from the repositories using discover or gnome software.
Closed by Jelle van der Waa (jelly)
Thursday, 28 September 2023, 16:21 GMT
Reason for closing: Not a bug
Additional comments about closing: a wheel user is considered an admin so this is expected
This package was installed on my system as a dependency of simple-scan, which shall not need to install packages without root privileges AFAIK.
Vendors could/should maintain secure/tested/lts Mirrors and adapt /etc/PackageKit/alpm.d/pacman.conf accordingly for professional environments, I guess.
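
For administrators who want the password prompt the report asks for, the following added example (not code from the report, PackageKit or Arch) simulates under Node how a local polkit rule that sorts before the shipped one changes the outcome for both actions. The `polkit` stand-in, the file name `00-packagekit-admin.rules` and the `package-install` default are assumptions made for the simulation.

```javascript
// Constructed stand-in for the `polkit` global that polkitd provides.
const polkit = { Result: { YES: "yes", AUTH_ADMIN: "auth_admin" } };

// Shipped rule as quoted in the report (org.freedesktop.packagekit.rules).
function shippedWheelRule(action, subject) {
  if (action.id == "org.freedesktop.packagekit.package-install" &&
      subject.active == true && subject.local == true &&
      subject.isInGroup("wheel")) {
    return polkit.Result.YES;
  }
}

// Local override; in a real .rules file it is passed to polkit.addRule().
function localOverrideRule(action, subject) {
  var guarded = ["org.freedesktop.packagekit.system-update",
                 "org.freedesktop.packagekit.package-install"];
  if (guarded.indexOf(action.id) !== -1) {
    return polkit.Result.AUTH_ADMIN;
  }
}

// Implicit authorizations from the .policy file for an active session.
// system-update is 'yes' per the comment quoted in the report; the
// package-install value is an assumption made for this simulation.
const policyDefaults = {
  "org.freedesktop.packagekit.system-update": "yes",
  "org.freedesktop.packagekit.package-install": "auth_admin",
};

// polkitd sorts .rules files by basename and calls the rule functions in
// that order; the first returned value decides, else the defaults apply.
function evaluate(ruleFiles, actionId, groups) {
  const subject = { active: true, local: true,
                    isInGroup: (g) => groups.includes(g) };
  for (const name of Object.keys(ruleFiles).sort()) {
    const result = ruleFiles[name]({ id: actionId }, subject);
    if (result != null) return result;
  }
  return policyDefaults[actionId];
}

// Rule sets keyed by file basename; the override's name is hypothetical.
const shipped = { "org.freedesktop.packagekit.rules": shippedWheelRule };
const hardened = Object.assign(
  { "00-packagekit-admin.rules": localOverrideRule }, shipped);
```

As the SECURITY comment quoted in the report states, any result other than 'yes' for `system-update` breaks unattended updates, so the override trades that feature for the password prompt.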