Mailinglist Archive: opensuse-bugs (3517 mails)

< Previous Next >
[Bug 698250] AUDIT-0: colord: new dbus and polkit rules

https://bugzilla.novell.com/show_bug.cgi?id=698250

https://bugzilla.novell.com/show_bug.cgi?id=698250#c6


Vincent Untz <vuntz@xxxxxxxx> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
InfoProvider|vuntz@xxxxxxxx |

--- Comment #6 from Vincent Untz <vuntz@xxxxxxxx> 2011-09-06 15:25:05 UTC ---
(In reply to comment #5)
Is it really necessary to run this as root? It links to a lot
of libararies and contains SQL injection vulnerabilities via
its sqlite3 calls.

Why does it actually need root privs? To write the system
wide settings files?

A new version of colord (in GNOME:Factory right now) allows the use of a
non-root user, see
http://gitorious.org/colord/master/commit/75c7028157e8c8abeea0e510445a86bbcf166ee0

This commit log is also of interest:
http://gitorious.org/colord/master/commit/06c6477831a6d4cb4297b6b9a6bff23f9477aa88
"Ensure uid 0 can create devices and profiles even when not on the active
console

When colord is running as the root user then this magically works, even though
daemons like cups are not on an active console.

If you switch colord to running as a private user then PolicyKit no longer
implicitly grants the authorisation from the root user, and this means that
printers cannot be registered with colord. By checking for the uid we can grant
an implicit authorisation ourselves before asking PolicyKit."

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >