PolicyKit + KDE

John Tapsell johnflux at gmail.com
Wed Sep 2 21:52:52 BST 2009


I wanted to make a quick point in defense of PolicyKit, given a few
people speaking against it...

Even though I'm making a small 'complaint' about PolicyKit (and I'm
not even 100% convinced it is a real problem), I want to say that in
general PolicyKit is a huge step forward.

The current sudo and kdesu setup has too many problems - the more
obvious one being that a rogue app merely has to wait until another
process runs kdesu and the user enters their password, then the rogue
app can just run kdesu straight after and become elevated to root,
without the user even knowing.

PolicyKit has a decent chance, combined with likes of selinux etc, to
come up with a fundamentally secure system, where a rogue user app
cannot take over a system.

So while some issues may need to be ironed, it's well worth sticking with it.

John




More information about the kde-core-devel mailing list