mystes
May 31, 2006

BlankSystemDaemon posted:

windows still doesn't have a true concept of limited user access, since every user is an administrator by default

No, this is a dumb thing to say

On most OS's the first account you create will have administrator access or ability to elevate to administrator access; that doesn't mean it "doesn't have a true concept of limited user access" considering that, you know, you can create non-administrator accounts


NihilCredo
Jun 6, 2011

restrain anger in every possible way:
that one thing will discredit you more than many virtues will commend you

Cybernetic Vermin posted:

uac is literally sudo made more fine-grained and ui-aware, what you mean is that new user accounts on windows are in sudoers by default, which is exactly how modern linux is also used.

BlankSystemDaemon posted:

welp, i didn't realize linux had fallen so low.

hi it's 2022 and there's typically multiple machines per user as opposed to vice versa, welcome to reality

if you're still administering a venerable mainframe to which bellbottom-wearing grad students login via terminal, you probably aren't the target for the default configuration of modern graphical desktop linuxorz

Antigravitas
Dec 8, 2019

The salvation for the farmers:
What Windows doesn't have is a way to delegate certain administrative functions (and only those) to normal user accounts, which is what polkit is trying to solve.

Shaggar
Apr 26, 2006

BlankSystemDaemon posted:

windows still doesn't have a true concept of limited user access, since every user is an administrator by default, and the equivalent of the root account (called SA, sometimes mislabeled as Super Administrator) is disabled by default

there is no such thing as root in windows because it was designed by intelligent people. The default Administrator is just another user in the built-in\administrators group and is not really special like root is. Administrator exists for legacy compatibility purposes and potentially for backup purposes in the event of other accounts losing access.

every user on non-domain computers is admin by default because it's better practical security if the user only has to remember their own password and not an administrator password they set up 4 years ago when they installed the os. Users operate with reduced privileges so applications cannot make administrator level changes without a prompt.

for domain computers, users are user by default and administrator privileges must be granted by domain level accounts with permissions to manage domain computer accounts.

it's a better system all around

Shaggar
Apr 26, 2006

Antigravitas posted:

What Windows doesn't have is a way to delegate certain administrative functions (and only those) to normal user accounts, which is what polkit is trying to solve.

it absolutely does through the system security policy. thats how the administrators group gets much of its privileges

Cybernetic Vermin
Apr 18, 2005

in important examples we have SeUndockPrivilege which lets a user remove a laptop from a dock without logging on. it remains extremely unclear what *not* having this permission would even mean.

Sapozhnik
Jan 2, 2005

Nap Ghost
in less tedious news some Collabora people are working on implementing comprehensive color management in Wayland and wrote up some docs about the concepts involved. i'm not a print and media person so i was only dimly aware of a lot of these things, it's an interesting read

https://gitlab.freedesktop.org/pq/color-and-hdr/-/blob/main/doc/pixels_color.md

NihilCredo
Jun 6, 2011

restrain anger in every possible way:
that one thing will discredit you more than many virtues will commend you

Cybernetic Vermin posted:

in important examples we have SeUndockPrivilege which lets a user remove a laptop from a dock without logging on. it remains extremely unclear what *not* having this permission would even mean.

less obviously absurd but what does it mean 'user can do $X without logging on'?

if they haven't logged on, how do you even know which user it is?

Cybernetic Vermin
Apr 18, 2005

NihilCredo posted:

less obviously absurd but what does it mean 'user can do $X without logging on'?

if they haven't logged on, how do you even know which user it is?

no idea, might mean doing something over network (i believe that is a distinction on windows, e.g. you may have permission to reboot a computer over the network without necessarily being able to log on to it). but it is very unclear since there is no obvious software interaction involved to start with.

need hackbunny back for this stuff really.

Kazinsal
Dec 13, 2011



NihilCredo posted:

less obviously absurd but what does it mean 'user can do $X without logging on'?

if they haven't logged on, how do you even know which user it is?

probably non-interactive vs. interactive logons

definitely doesn't make sense in the context of "physically remove hardware from machine"

zero knowledge
Apr 27, 2008

sb hermit posted:

So, it looks like there's a brand new vulnerability involving pkexec, a set-uid binary for polkit

And the write-up described how gobject was exploited to do this. And I thought ... wait ... what kind of idiot links a setuid program to glib? Well:

ldd /usr/bin/pkexec posted:

<snip>
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fa2801bd000)
<snip>

:ughh:

why on earth does your pkexec(1) link libresolv? Why would it need to do DNS lookups? The pkexec(1) in the Fedora install I have handy doesn't

sb hermit
Dec 13, 2016





Spazmo posted:

why on earth does your pkexec(1) link libresolv? Why would it need to do DNS lookups? The pkexec(1) in the Fedora install I have handy doesn't

it's the ubuntu 20.04 pkexec

BlankSystemDaemon
Mar 13, 2009



why is pkexec in section 1 of the manual pages? it should be in section 8.

FlapYoJacks
Feb 12, 2009
Polkit requires glib because it requires spider monkey which is Firefox’s json engine. It’s awful and they are just barely ready to merge duktape support to get rid of that terrible requirement. Buildroot had been using polkit with the duktape patches for almost a year now without issues. Saving over 20M on the filing system.

Tankakern
Jul 25, 2007

(non-ironically) good to know, wondered what plan they had after spidermonkey

FlapYoJacks
Feb 12, 2009
Holy poo poo. Duktape is officially merged as of yesterday! 2 years in the making and dragging the devs kicking and screaming.

https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/97

Tankakern
Jul 25, 2007

cool

sb hermit
Dec 13, 2016





Sapozhnik
Jan 2, 2005

Nap Ghost
never heard of DukTape before, why not use that Bellard thing, QuickJS? seems similar except QuickJS supports such esoteric JavaScript features as class definitions and block-scoped variables

DukTape's site even links to QuickJS in its Alternatives section and they share the same license

BlankSystemDaemon
Mar 13, 2009



Why have javascript at all?

pseudorandom name
May 6, 2007

the original version had a purely declarative policy language and that ~ ~ ~ wAsN't FLeXibLE ENouGH ~ ~ ~ so version two replaced that with a JS interpreter so you can make your policies as confusing as possible

BlankSystemDaemon
Mar 13, 2009



pseudorandom name posted:

the original version had a purely declarative policy language and that ~ ~ ~ wAsN't FLeXibLE ENouGH ~ ~ ~ so version two replaced that with a JS interpreter so you can make your policies as confusing as possible

oh, of course that makes perfect sense to linux developers
orz

mystes
May 31, 2006

That seems like the sort of thing where you would traditionally just use lua or something, or I don't know, maybe eBPF if you want to cram it into the kernel to be fancy and obnoxious

pseudorandom name
May 6, 2007

also pkexec doesn't have the interpreter, it asks polkitd via dbus if the action is allowed and polkitd does the javascript evaluation

BlankSystemDaemon
Mar 13, 2009



mystes posted:

That seems like the sort of thing where you would traditionally just use lua or something, or I don't know, maybe eBPF if you want to cram it into the kernel to be fancy and obnoxious

eBPF itself is very much a linuxdev.txt thing

BPF is a JIT packet filter to machine code compiler made into a compact virtual machine - why is it being used for system tracing, declarative policies, and the like?

NihilCredo
Jun 6, 2011

restrain anger in every possible way:
that one thing will discredit you more than many virtues will commend you

mystes posted:

That seems like the sort of thing where you would traditionally just use lua or something, or I don't know, maybe eBPF if you want to cram it into the kernel to be fancy and obnoxious

do system security policies seriously need to be turing complete like what the gently caress

pseudorandom name
May 6, 2007

because it was stupid for Sun to create a second kernel-level bytecode virtual machine for DTrace when they already had one for BPF

Sapozhnik
Jan 2, 2005

Nap Ghost

NihilCredo posted:

do system security policies seriously need to be turing complete like what the gently caress

large enterprises and government departments are where RH gets its money from so yeah those guys are going to have insane and convoluted policies for their insane and convoluted centrally-administered computing resources

mystes
May 31, 2006

NihilCredo posted:

do system security policies seriously need to be turing complete like what the gently caress

I'm not sure if you're saying it shouldn't be a programming language at all or you're suggesting dhall here

Cybernetic Vermin
Apr 18, 2005

ebpf everything is the future.

BlankSystemDaemon
Mar 13, 2009



pseudorandom name posted:

because it was stupid for Sun to create a second kernel-level bytecode virtual machine for DTrace when they already had one for BPF

DIF is bytecode that's used for instrumenting existing tracepoints, which are included in the code either by explicit use of macros or automatically generated by the build system.
BPF generates bytecode capable of dealing with network packets (and traces its history back to Enet at CMU in 1980).
both are virtual machines, ie. a program that itself acts like a computer.

i'm not sure how the two can be confused, but i applaud you for managing it

BlankSystemDaemon fucked around with this message at 21:02 on Jan 26, 2022

Cybernetic Vermin
Apr 18, 2005

BlankSystemDaemon posted:

DIF is bytecode that's used for instrumenting existing tracepoints, which are included in the code either by explicit use of macros or automatically generated by the build system.
BPF generates bytecode capable of dealing with network packets (and traces its history back to Enet at CMU in 1980).
both are virtual machines, ie. a program that itself acts like a computer.

i'm not sure how the two can be confused, but i applaud you for managing it

the point is, i would guess, that linux opted to instead extend bpf into ebpf, which serves not only both those purposes, but a ton of others.

otoh the compiler and verifier are non-trivial, so not like it was an obvious development.

NihilCredo
Jun 6, 2011

restrain anger in every possible way:
that one thing will discredit you more than many virtues will commend you

mystes posted:

I'm not sure if you're saying it shouldn't be a programming language at all or you're suggesting dhall here

dhall would be my #1 choice for "I need to let the user define some really complicated data structures in a safe way with as little pain as possible" but I don't know if it was around when this thing was designed

but even templated yaml or regex substitutions or whatever awful poo poo was lying around on the floor should not have raised as many instinctual red flags as running eval("userinput.js") in a Very Important Enterprise IBM Mission Critical Security Project

pseudorandom name
May 6, 2007

keep in mind that polkit rules are approximately as complex as proxy-auto config and are never from untrusted sources
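
Added example, not part of any post in this thread and not polkit's own code: a polkit JavaScript rule of the kind discussed above, delegating one administrative function (and only that one) to a normal user group. `polkit.addRule`, `polkit.Result`, `action.lookup` and `subject.isInGroup` are the real rule API; the `webops` group, the `nginx.service` unit, the `authorize` harness and its `auth_admin` fallback are assumptions made so the rule can be run outside polkitd.

```javascript
// Stand-in for the `polkit` object that polkitd exposes to rules files.
// Only addRule and Result are modelled; this is NOT polkit's implementation.
const polkit = {
  Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: null },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
};

// ---- body of a rules file (group and unit names are hypothetical) ----
// Members of "webops" may restart nginx.service without admin credentials.
// Every other unit, verb, action or user falls through to the defaults.
polkit.addRule(function (action, subject) {
  if (action.id !== "org.freedesktop.systemd1.manage-units") {
    return polkit.Result.NOT_HANDLED;
  }
  if (!subject.isInGroup("webops")) {
    return polkit.Result.NOT_HANDLED;
  }
  // systemd attaches "unit" and "verb" details to this action.
  if (action.lookup("unit") === "nginx.service" &&
      action.lookup("verb") === "restart") {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});
// ---- end of rules file ----

// Constructed model of the decision: the first rule that returns a definite
// answer wins; otherwise the action's default applies (assumed auth_admin).
function authorize(actionId, details, user, groups) {
  const action = { id: actionId, lookup: (key) => details[key] };
  const subject = { user: user, isInGroup: (g) => groups.includes(g) };
  for (const rule of polkit._rules) {
    const result = rule(action, subject);
    if (result) return result;
  }
  return polkit.Result.AUTH_ADMIN;
}
```

The rule only ever widens access for one exact (action, unit, verb, group) tuple; anything it does not recognise is left to the defaults rather than denied or allowed outright.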

my homie dhall
Dec 9, 2010

honey, oh please, it's just a machine

Cybernetic Vermin posted:

ebpf everything is the future.

I can see the appeal, but I really don't understand how you're supposed to debug when things go wrong with your bytecode programs other than very carefully.

For tracing and profiling it's a godsend of course, but xdp and such seems nuts to me

Nomnom Cookie
Aug 30, 2009



my homie dhall posted:

I can see the appeal, but I really don't understand how you're supposed to debug when things go wrong with your bytecode programs other than very carefully.

For tracing and profiling it's a godsend of course, but xdp and such seems nuts to me

trace your ebpf programs using other ebpf programs

Sapozhnik
Jan 2, 2005

Nap Ghost
https://www.collabora.com/news-and-blog/blog/2022/01/27/writing-an-open-source-gpu-driver-without-the-hardware/

the mesa crew are getting really good at this

outhole surfer
Mar 18, 2003


the panfrost project is just insane. it's largely the product of someone who got involved as a high school student

Buck Turgidson
Feb 6, 2011

𓀬𓀠𓀟𓀡𓀢𓀣𓀤𓀥𓀞𓀬
arch linux has to be a troll right? you install this thing and half the packages are in the aur, so then you need to install what's essentially another package manager, then it's a diceroll as to whether the packages fail to build or break in a day or two, and you have to waste time troubleshooting

like if you're going to install a second package manager you might as well use debian and install nix/guix, which probably won't break horribly, and can be rolled back instantly if they do.

what maniac actually uses this shiiit?


Insanite
Aug 30, 2005

Buck Turgidson posted:

arch linux has to be a troll right? you install this thing and half the packages are in the aur, so then you need to install what's essentially another package manager, then it's a diceroll as to whether the packages fail to build or break in a day or two, and you have to waste time troubleshooting

like if you're going to install a second package manager you might as well use debian and install nix/guix, which probably won't break horribly, and can be rolled back instantly if they do.

what maniac actually uses this shiiit?

people who have made janitoring their personal computers a core component of their personality, op
