Mailinglist Archive: opensuse (929 mails)

[opensuse] Allowing local users to install software via polkit/packagekit results in unsigned packages being installable
Dear list-subscribers,

my fellow IT administrators and I are considering the option of allowing our users to install additional software present in already added, official repositories or software that is signed with already trusted keys. We are in the process of updating all clients to openSUSE 13.1.

To get this functionality, we changed a file in /etc/polkit-1/localauthority and set ResultActive to yes (instead of auth_admin) for org.freedesktop.packagekit.package-install -only-. (I'm not 100% sure about the filename as I have limited access to our test environment right now.)

We changed nothing for org.freedesktop.packagekit.package-install-untrusted, leaving it to ask for the root password before installing "untrusted" software (as far as I understood polkit).

Sadly, a freshly installed system (via autoyast, mostly vanilla with KDE4 pattern) with the mentioned change seems to allow our users to install arbitrary rpm packages.

We tested this by downloading a few RPMs from random, not openSUSE related websites, and by trying to install this package http://download.opensuse.org/repositories/home:/AndSee/openSUSE_13.1_Update_standard/x86_64/openafs-kmp-desktop-1.6.6_k3.11.10_7-2.1.x86_64.rpm which is signed with a key that shouldn't be trusted by default.

I'm not entirely sure what to do at this point to circle in on the problem. We don't want users (or exploits...) to be able to install unsigned packages. As we are using autoyast, we aren't ruling out that our current autoyast.xml-file might alter some opensuse settings permanently, but from our understanding, settings described there should only apply to the "live-system" used to install the system.

Relevant part of autoyast.xml:

<general>
  ...
  <signature-handling>
    <accept_file_without_checksum config:type="boolean">false</accept_file_without_checksum>
    <accept_non_trusted_gpg_key config:type="boolean">false</accept_non_trusted_gpg_key>
    <accept_unknown_gpg_key config:type="boolean">false</accept_unknown_gpg_key>
    <accept_unsigned_file config:type="boolean">false</accept_unsigned_file>
    <accept_verification_failed config:type="boolean">true</accept_verification_failed>
    <import_gpg_key config:type="boolean">true</import_gpg_key>
  </signature-handling>
</general>

Any pointers are greatly appreciated, especially to official documentation for packagekit/polkit if they describe install-packages and install-packages-untrusted in detail.

Andreas
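
An added example, not part of the original message: a small audit of a polkit local-authority override that reports which of the two PackageKit actions named above are granted `yes`, so a change meant for package-install "only" can be checked against package-install-untrusted. It assumes the override is a `.pkla` file whose `Action` field is a semicolon-separated list of globs; the sample entry is constructed and the function names are hypothetical.

```python
import configparser
from fnmatch import fnmatchcase

# The two action ids named in the message above.
ACTIONS = (
    "org.freedesktop.packagekit.package-install",
    "org.freedesktop.packagekit.package-install-untrusted",
)
RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")

# Constructed sample override; the trailing "*" is the mistake being looked for.
SAMPLE_PKLA = """\
[Let users install packages]
Identity=unix-group:users
Action=org.freedesktop.packagekit.package-install*
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=yes
"""

def audit_pkla(text):
    """Return (section, action, key) for every audited action granted 'yes'."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case: ResultActive, not resultactive
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        entry = cp[section]
        # Assumption: Action holds semicolon-separated globs over action ids.
        globs = [g.strip() for g in entry.get("Action", "").split(";") if g.strip()]
        for action in ACTIONS:
            if not any(fnmatchcase(action, g) for g in globs):
                continue
            for key in RESULT_KEYS:
                if entry.get(key, "").strip() == "yes":
                    findings.append((section, action, key))
    return findings

def untrusted_relaxed(text):
    """True if any entry lets the -untrusted action through without a password."""
    return any(a.endswith("-untrusted") for _, a, _ in audit_pkla(text))

if __name__ == "__main__":
    for section, action, key in audit_pkla(SAMPLE_PKLA):
        print(f"[{section}] {action}: {key}=yes")
```

A clean result here only shows that the override file itself does not relax the untrusted action; it says nothing about how the PackageKit backend classifies a given package as trusted.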
