zenmap: running as root
Lukas Schwaighofer
lukas at schwaighofer.name
Tue Sep 12 21:26:22 UTC 2017
Hi,
zenmap ships with a zenmap-root.desktop file which uses `su-to-root` to
gain root privileges. This might not be a good approach as:
* `su-to-root` is part of the menu package (not the gksu package which
is being recommended); the menu package is not installed on my systems
- we would at least need to add menu to Recommends
* as its primary choice, `su-to-root` uses `gksu` to gain privileges,
which is deprecated and in the process of being removed [1]
* apart from `gksu`, none of the tools `su-to-root` uses to gain root
privileges are installed on my system (except for using `su` in a
terminal)
The gksu removal bug reports mentions PolicyKit (i.e. `pkexec`) as a
possible alternative for elevating privileges. I just tried this on my
machine to evaluate if we can migrate zenmap to `pkexec`. If we want to
do that we need to:
* Recommend (or Depend):
- policykit-1 for pkexec
- polkit-1-auth-agent, a virtual package, to make sure an
authentication agent is available
* Add an xml file for policykit (to allow executing the GUI program and
to customize the password prompt)
Possible issues with implementing this are:
* I'm not sure which authentication agent is a good default choice
- probably my choice would be policykit-1-gnome, as it also uses gtk
(just as zenmap, but gtk3 instead of gtk2)
* After installing an authentication agent, it won't be active until
the user logs out and back in (at least that's true for
policykit-1-gnome), so until then the desktop entry will just not
work if this has just been installed
What do you think?
Thanks & Regards
Lukas
[1] https://bugs.debian.org/867236
More information about the Pkg-security-team
mailing list