Bug 1215481

Summary: flatpak allows members of the wheel group unauthenticated access
Product: [openSUSE] openSUSE Tumbleweed Reporter: Ludwig Nussel <lnussel>
Component: GNOMEAssignee: E-mail List <gnome-bugs>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: matthias.gerstner, security-team
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ludwig Nussel 2023-09-19 11:52:40 UTC 
/usr/share/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules allows local users in the wheel group to perform privileged actions without authentication. openSUSE does not define any meaning for the wheel group, therefore such rules violate security expectations.

Moreover, there are efforts to actually define a meaning for the wheel group, namely requiring self authentication with their own password for privileged actions (PED-260). The flatpak rules also violate that expectation by not requiring any authentication.
Comment 1 Matthias Gerstner 2023-10-02 11:26:12 UTC 
We have been through a lot of discussions regarding the significance of the
wheel group.

For FlatPak we actually gave our blessing in bug 984817 comment 20. It's
likely the only exception to the rule we have right now.

Given the recent developments surrounding wheel a reevaluation for FlatPak
might make sense. What FlatPak people want is a good user experience. A quick
way out of this might be using a dedicated group for flatpak.