amesser | hi there, been off for quite a while now, is there a list about things todo for beowulf? | 21:48 |
---|---|---|
fsmithred | meeting is in 45 minutes (20:30 UTC) | 21:48 |
amesser | yes i know. I'm sorry, but this is too late for me at the moment | 21:51 |
amesser | also, since i'm not very good in english speaking - and listening - it was always hard for me to follow the native speakers | 21:51 |
fsmithred | oh, sorry | 21:51 |
amesser | especially since the signal to noise ratio was sometimes not very high | 21:52 |
fsmithred | lol, true | 21:52 |
fsmithred | can I pick your brain about policykit right now? | 21:52 |
amesser | yeah, give it a try | 21:53 |
fsmithred | devuan desktop theme includes a fix to un-do the gtk3 disappearing scrollbars | 21:53 |
fsmithred | fix works for user | 21:53 |
fsmithred | in root apps, like synaptic, pkexec does not pass env variables, so the scrollbars come and go | 21:54 |
fsmithred | one workaround involves changing which variable pkexec will pass, and there's discussion about what is safe or not safe. | 21:54 |
fsmithred | All beyond my understanding | 21:54 |
fsmithred | if you feel up to looking into it, I could give you some links to the discussions | 21:55 |
amesser | ok, i can have a look at it | 21:55 |
fsmithred | thanks | 21:55 |
fsmithred | My post to xfce forum: https://forum.xfce.org/viewtopic.php?pid=53417#p53417 | 21:57 |
fsmithred | answer linked me to this: https://bugzilla.redhat.com/show_bug.cgi?id=1171779 | 21:57 |
fsmithred | and this: https://bugs.freedesktop.org/show_bug.cgi?id=96713#c3 | 21:57 |
fsmithred | the scrollbar fix is a few posts above mine | 21:58 |
amesser | I like the comment: | 22:14 |
amesser | /* By default we don't allow running X11 apps, as it does not work in the general case. See ... | 22:15 |
amesser | just above the X11 vars passed :-) | 22:15 |
amesser | pkexec is not to be supposed to be run with X11 apps - but that is the typicall usecase | 22:15 |
amesser | it is sued today :-) | 22:15 |
amesser | s/sued/used | 22:16 |
fsmithred | yeah, there's not a lot of point to using synaptic or gparted if you can't have root privs | 22:17 |
amesser | the point about passing these vars from user to root context using pkexec is, that basically a user could be set the var to some bogus value in order to trigger a leak/security issue in the program and use this to lauch e.g. a root shell | 22:19 |
fsmithred | thanks, that makes sense | 22:20 |
fsmithred | my solution is to open a root shell | 22:20 |
fsmithred | with 'su' the scrollbar fix works. | 22:20 |
amesser | but, someone who is allowed to run synaptic as root can mess the system anyway | 22:21 |
fsmithred | yeah | 22:21 |
fsmithred | gparted, too | 22:21 |
amesser | for some of the vars, they have added value checking | 22:21 |
amesser | i think it would be safe if we add these vars and add checking their values | 22:22 |
fsmithred | cool | 22:22 |
amesser | https://gitlab.freedesktop.org/polkit/polkit/blob/master/src/programs/pkexec.c, function validate_environment_variable | 22:23 |
fsmithred | are you packaging policykit these days? | 22:23 |
golinux | fsmithred: Thanks for following up on this | 22:24 |
golinux | and to amesser for joinging in | 22:25 |
amesser | I havn't doing any packaging for a couple of months now, but at least i'm set as developer for https://git.devuan.org/devuan-packages/policykit-1/ | 22:25 |
amesser | so i could try making a branch of it and implement some thing for test at least | 22:26 |
fsmithred | great, thanks | 22:26 |
amesser | you're welcome, golinux | 22:28 |
amesser | I'll try to do it until the weekend... | 22:28 |
plasma41 | About time for a meeting | 22:29 |
golinux | Good to see you after so long. | 22:29 |
fsmithred | somebody else go first | 22:29 |
golinux | The time is now folks!! | 22:35 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!