Looking for opinions on authorization frameworks for Pallet

Rainer Müller raimue at macports.org
Fri Aug 7 13:34:38 PDT 2015


On 08/07/2015 09:18 PM, Kyle Sammons wrote:
>     That's right. I don't think it is unsolvable, just a lot of work to
>     figure it out, but the solution we implement here could also be used for
>     other applications. It might be worth the effort to have this.
> 
> 
> I'm not sure too many other people would be able to benefit from it as the
> issues we're having isn't so much with automatically generating a self-signed
> certificate (that part is already written), but getting that to work within the
> MacPorts build system. 

Hm, but wouldn't that be helpful for other ports installing .app bundles? Maybe
I don't have enough knowledge here to decide whether it is really useful.

>     There would not be any new functionality in the graphical frontend that
>     could not also be exploited in 'sudo port' from the command line, right?
> 
> 
> I'm not sure what you mean by that. Would you mind rewording it?

I mean, most users already run the port command as root. Any security
vulnerability that can be exploited in the GUI would most probably also be
exploitable from the command line when running with 'sudo port'. Or what kind of
vulnerability do you have in mind?

>     Would I have to type 'sudo pallet'? Will I be able to start the
> 
>     application from an app bundle? 
> 
> 
> Currently yes, unless there's a way to launch an app bundle with superuser
> privileges that I'm unaware of. 

That would be very unfortunate. I would see the GUI as a way to give users
easier access to MacPorts without the need to use the Terminal. Opening an app
bundle should be the preferred way in my opinion.

Rainer



More information about the macports-dev mailing list