
After the news about the recent exploit, I had a closer look at what it actually does.

It seems that for my distribution (Gentoo) polkit could be uninstalled, if other packages are installed such that they do not depend on it, of course.

I am not affected by the exploit and I bear no grudge against polkit. But I wonder what consequences uninstalling might bring. So far I can't see the downsides.

Q: What would I lose, if I removed polkit from my system?

@floppy

polkit provides a framework to access resources as a different user, kinda like sudo with no password (and for specific commands)

udisks depends on polkit so right away you will not be able to mount drives as user

I think suspend mechanisms for laptops (when the lid is closed) will not work and you will be only able to shutdown as root

@floppy

also some packages have a hard-dependency on polkit, ie. plasma

@xgqt Indeed, when I "equery d polkit" it seems udisks is the only package with a hard dependency on polkit. udisks is convenience for me, getting rid of polkit might be possible then.

IIRC I turned to polkit's pkexec after reading that gksudo is considered deprecated. Though I don't really like the overhead that comes with it.

@hund Do you run graphical programs as root at times? Using sudo to gain privileges is discouraged, so I wonder whether there might be alternatives to pkexec.

@floppy

not hund but I never run GUIs as root and also I don't have sudo/doas because I just use su

@xgqt What's your reason to use su instead of sudo? I don't want to swear on it, but I think I read (Gentoo documentation possibly) that su should be avoided for some reasons. Would need to look it up again.

Running graphical applications as root is not the greatest thing to do probably. Maybe I just continue a necessity of the past that now is a bad habit...

I would mostly use it for Wireshark or (lazy me) GParted at times. In both cases a different way should be possible, I think.

@floppy

Yes, su should be avoided if a user can gain required privilege by being added to a non-root group ;P

You don't need it for wireshark, just add yourself to its group.

I use fdisk, I got rid of gparted some time ago because it 1) used filesystems packages I don't use, 2) had dependency on GTK2.

@xgqt I guess I'm a bit spoiled by gparted. Mostly for its visual representation and the integration of infrequently used tools. One of the few exceptions where I still use a GUI and haven't made the change yet. Yet.

Do you use any tool to get a better overview over partition distribution over disks that does not resort to plain numbers?

I noticed that I've never used fdisk for partitioning (unlike parted, without 'g'). Might try that next time. Thanks for that!

@floppy

> Do you use any tool to get a better overview over partition distribution over disks that does not resort to plain numbers?

lsblk, dfc, filelight (Gui), LVM tools (where I have LVM installed)

@floppy not listing KDE infocenter since it depends on udisks, afaik

@xgqt dfc looks lovely! filelight reminds me a bit of treesize (cross-platform). Thanks for the recommendations!

I wonder whether there is a tool with TUI that somehow shows the partition sizes relative to each other, similar to what gparted does on top of the window. But on second thought I'm not really sure how much value that actually holds.

@xgqt Turns out they added the section on permissions in 2016. I installed my Gentoo before that and I guess I've never checked after setting up Wireshark once. :D

Thanks for the link! Worked like a charm. All those years hacking "gksu wireshark" into dmenu, haha.

@floppy @xgqt

When I'm in admin mode (in my head) on my own networks, I admit that my go-to is "sudo bash", which of course might as well be su. It wasn't until I started taking "use an unprivileged account" seriously as a security measure that I started taking sudo seriously. Specifically, I use the ability to restrict a particular user on a particular box to specific sudo commands. When that's under network control, sudo is really powerful & very different from su. I suspect that most solo folks ever encounter that. 🤷

@MindOfJoe @floppy

except that:
- sudo security can be broken by misconfiguration of its config files
- sudo had a lot of vulnerabilities in the past

imo random users on a box shouldn't be running sudo at all.

btw when you give/sell accounts on a box it is quite risky to give an actual account, not a VM/container

also, it's not like I use a root account to do everything. I keep 1 root shell opened in case I need to run something I cannot run as my "default" user.

@xgqt

In my opinion, pushing universal solutions without concern for the user, use case, risk profile, or environment, isn't a good policy either ~ but, you know, to each their own 🙄

Cheers!

@floppy

@floppy @xgqt The web browser, GIMP and Inkscape is pretty much all graphical software that I use. :)

@floppy I never had it to begin with. To my understanding it's an alternative to sudo and doas.
