[Bug 665169] New: review policykit privilege org.xfce.power.backlight-helper
https://bugzilla.novell.com/show_bug.cgi?id=665169 https://bugzilla.novell.com/show_bug.cgi?id=665169#c0 Summary: review policykit privilege org.xfce.power.backlight-helper Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: gber@opensuse.org QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 xfce4-power-manager, specifically the brightness panel plugin, now uses policykit by default, please review the org.xfce.power.backlight-helper policykit privilege installed by X11:xfce/xfce4-power-manager. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=665169
https://bugzilla.novell.com/show_bug.cgi?id=665169#c
Thomas Biege
https://bugzilla.novell.com/show_bug.cgi?id=665169
https://bugzilla.novell.com/show_bug.cgi?id=665169#c1
--- Comment #1 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=665169
https://bugzilla.novell.com/show_bug.cgi?id=665169#c2
--- Comment #2 from Guido Berhörster
AFAICS this is only used as fallback if setting the brightness via xrandr doesn't work. The helper is called via pkexec ie similar to a setuid root binary. Without further review I'd set it auth_admin.
Yes, it is used to set the brightness via sysfs which requires root privileges. I've noted that the policykit privilege file is a copy of the gnome-power-manager one and the source of the helper executable xfpm-power-backlight-helper has been copied from the one included with gnome-power-manager with i18n removed. Compare http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-backlight-helpe... with http://git.xfce.org/apps/xfce4-power-manager/tree/src/xfpm-backlight-helperc... and http://git.gnome.org/browse/gnome-power-manager/tree/policy/org.gnome.powerp... with http://git.xfce.org/apps/xfce4-power-manager/tree/src/org.xfce.power.policyi... Since both are identical execpt i18n and the gnome-power-manager package in openSUSE does not require auth_admin can xfce4-power-manager be treated the same way? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=665169
https://bugzilla.novell.com/show_bug.cgi?id=665169#c3
--- Comment #3 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=665169
https://bugzilla.novell.com/show_bug.cgi?id=665169#c4
--- Comment #4 from Guido Berhörster
Ah, I didn't know that. org.gnome.power.backlight-helper is auth_admin too.
Sorry, you're right I misread that, I also only noticed today that both are identical when looking at the copyright.
Copying the code isn't exactly clever anyways. Why is there no common backend?
I don't know upstream motivation, on the packaging level it could probably be split off of the g-p-m package for use by xfpm, however I'm not sure that's worth the effort. It'd also be better if both didn't use glib. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=665169
https://bugzilla.novell.com/show_bug.cgi?id=665169#c5
Guido Berhörster
participants (1)
-
bugzilla_noreply@novell.com