Bugzilla – Bug 1214897
AUDIT-WHITELIST: udisks2: review of new polkit privileges for 2.10.0 release
Last modified: 2024-03-13 09:22:05 UTC
Hello there, The new 2.10.0 UDisks2 release brings new PolKit actions: > udisks2.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.udisks2.filesystem-mount-other-user (auth_admin:auth_admin:auth_admin_keep) > udisks2.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.udisks2.nvme-smart-selftest (auth_admin:auth_admin:auth_admin_keep) > udisks2.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.udisks2.nvme-sanitize (auth_admin:auth_admin:auth_admin_keep) > udisks2.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.udisks2.nvme-format-namespace (auth_admin:auth_admin:auth_admin_keep) > udisks2.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.udisks2.nvme-connect (auth_admin:auth_admin:auth_admin_keep) > udisks2.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.udisks2.nvme-disconnect (auth_admin:auth_admin:auth_admin_keep) > udisks2.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.udisks2.nvme-set-hostnqn-id (auth_admin:auth_admin:auth_admin_keep) While updating the package in my home project I missed those RPM Lint errors -- darned multitasking -- and the package got unresolvable in Base:System due to its dependency on the new libblockdev 3.0 release that must be staged together with this new 2.10 udisks2 release. Only while staging that this error got caught [1]. Thanks in advance. 1. https://build.opensuse.org/request/show/1108253
Thank you for opening the review bug. We will have a look.
Upstream: https://www.freedesktop.org/wiki/Software/udisks/ OBS: https://build.opensuse.org/package/show/Base:System/udisks2
The package doesn't seem to build currently, because libblockdev 3.0 is missing. Do you intend to submit this Factory right away or will this need some more time? I reviewed the new actions all looks okay. The polkit authentication is properly done based on the dbus sender subject. Also a lot of extra details are provided to the authentication messages so users know what exactly they are authenticating. All actions require root privileges in all contexts, which is also necessary, because these are low level block device operations. The `filesystem-mount-other-user` action is an addition that allows to mount a filesystem as if done for another user id. This looks okay so far. The other actions are all related to low level NVME block device handling. All of the actions are based on block devices and there shouldn't be any user controlled files in the play. The nvme-set-hostnqn-id is actually creating a configuration file in /etc, but it is root controlled and only world readable, contains the NVM qualified name.
(In reply to Matthias Gerstner from comment #3) > The package doesn't seem to build currently, because libblockdev 3.0 is > missing. Do you intend to submit this Factory right away or will this need > some more time? I'd like to submit it ASAP, since libblockdev 3.0 was released at the end of June. And the only road block is UDisks 2.10, right now. Both liblockdev 3.x and UDisks 2.10 have to be staged together. > I reviewed the new actions all looks okay. The polkit authentication is > properly done based on the dbus sender subject. Also a lot of extra details > are provided to the authentication messages so users know what exactly they > are authenticating. > > All actions require root privileges in all contexts, which is also necessary, > because these are low level block device operations. > > The `filesystem-mount-other-user` action is an addition that allows to mount > a > filesystem as if done for another user id. This looks okay so far. > > The other actions are all related to low level NVME block device handling. > All > of the actions are based on block devices and there shouldn't be any user > controlled files in the play. > > The nvme-set-hostnqn-id is actually creating a configuration file in /etc, > but > it is root controlled and only world readable, contains the NVM qualified > name. These are good news. Thanks for the review.
the whitelisting change is on its way to Factory via sr#1110470
Accepted into Factory https://build.opensuse.org/request/show/1110598
The whitelisting should be effective now, closing the bug as fixed.
Thank you everybody for your time.
Hello once again, I have to bother you people one more time. Somehow we missed this one: > udisks2.x86_64: E: polkit-user-privilege (Badness: 10000) org.freedesktop.udisks2.nvme-smart-update (auth_admin:auth_admin:yes)
It was partly my fault for copy-pasting someone else's copy-paste, instead of checking the RPM Lint log myself :~p In any case, I have a build of udisks2 here: https://build.opensuse.org/package/show/home:luc14n0:branches:devel:libraries:c_c++/udisks2
Matthias is on FTO. This seems urgent, so I'll work on it today.
Looks good to me. udisks_nvme_controller_complete_smart_update(), called from handle_smart_update(), which performs Polkit authorization first. I chose ::yes for the easy and standard PolKit profiles because this function only reads from the controller and doesn't appear to modify anything: https://github.com/storaged-project/udisks/blob/1d8ac51c6917777e25545f73af50c2d3ad67f100/src/udiskslinuxnvmecontroller.c#L353 http://storaged.org/libblockdev/libblockdev-NVMe.html#bd-nvme-get-smart-log Whitelisting on its way to Factory: https://build.opensuse.org/request/show/1112560
Thank you Wolfgang for the due diligence.
(In reply to luc14n0@opensuse.org from comment #10) > It was partly my fault for copy-pasting someone else's copy-paste, instead of checking the RPM Lint log myself :~p > > In any case, I have a build of udisks2 here: > > https://build.opensuse.org/package/show/home:luc14n0:branches:devel:libraries:c_c++/udisks2 I thought I had checked the actual OBS build logs when I whitelisted but it seems like it still slipped my attention. Anyway, the whitelisting should be complete now. Closing this bug as fixed.