Looking for opinions on authorization frameworks for Pallet
Kyle Sammons
ksammons at macports.org
Fri Aug 7 13:46:07 PDT 2015
Hey Rainer,
> I mean, most users already run the port command as root. Any security
> vulnerability that can be exploited in the GUI would most probably also be
> exploitable from the command line when running with 'sudo port'. Or what
> kind of vulnerability do you have in mind?
It'd most likely be more insecure due to the fact that Pallet has a
constant Tcl shell running in the background, as well as it's running the
entire GUI framework as root.
> That would be very unfortunate. I would see the GUI as a way to give users
> easier access to MacPorts without the need to use the Terminal. Opening an
> app bundle should be the preferred way in my opinion.
In order to achieve that, I'd have to replace the current authorization
framework (option 1 of the original email). The only other option is that I
may be able to get a launcher type script working (double-click and a
"GUI-sudo" would launch Pallet as root).
-Kyle
On Fri, Aug 7, 2015 at 1:34 PM, Rainer Müller <raimue at macports.org> wrote:
> On 08/07/2015 09:18 PM, Kyle Sammons wrote:
> > That's right. I don't think it is unsolvable, just a lot of work to
> > figure it out, but the solution we implement here could also be used for
> > other applications. It might be worth the effort to have this.
> >
> >
> > I'm not sure too many other people would be able to benefit from it as the
> > issues we're having aren't so much with automatically generating a self-signed
> > certificate (that part is already written), but getting that to work within the
> > MacPorts build system.
>
> Hm, but wouldn't that be helpful for other ports installing .app bundles?
> Maybe I don't have enough knowledge here to decide whether it is really useful.
>
> > There would not be any new functionality in the graphical frontend that
> > could not also be exploited in 'sudo port' from the command line, right?
> >
> >
> > I'm not sure what you mean by that. Would you mind rewording it?
>
> I mean, most users already run the port command as root. Any security
> vulnerability that can be exploited in the GUI would most probably also be
> exploitable from the command line when running with 'sudo port'. Or what
> kind of vulnerability do you have in mind?
>
> > Would I have to type 'sudo pallet'? Will I be able to start the
> > application from an app bundle?
> >
> >
> > Currently yes, unless there's a way to launch an app bundle with superuser
> > privileges that I'm unaware of.
>
> That would be very unfortunate. I would see the GUI as a way to give users
> easier access to MacPorts without the need to use the Terminal. Opening an
> app bundle should be the preferred way in my opinion.
>
> Rainer
>
>