http://bugzilla.opensuse.org/show_bug.cgi?id=1204026 http://bugzilla.opensuse.org/show_bug.cgi?id=1204026#c4 --- Comment #4 from Bj�rn Lie <bjorn.lie@gmail.com> --- (In reply to Matthias Gerstner from comment #3)
Still I would like to ask you to check with upstream what they intend to achieve with such logic. There is a certain danger that future coders interpret this flag wrongly and use it also in privileged D-Bus functions.
I'm not sure whether getting BIOS settings is not also already to some level privileged. But fwupd is rather lax in other areas already when it comes to obtaining system information without authentication.
Please get in contact with upstream about this before I whitelist the new actions.
I could do that, but frankly since I do not know nor understand the security implications, it would mean that I'd just have to copypaste the reply from here as a question in a issue. It would probably be a lot more fruitful if you as a person who understands these matters did that yourself. -- You are receiving this mail because: You are on the CC list for the bug.