configure.ac recommendations for directory ownership are incorrect
Submitted by Maxim Kammerer
Assigned to David Zeuthen @david
Description
The following commit: http://cgit.freedesktop.org/polkit/commit/configure.ac?id=8e0383cb9972f5b3b86e64f9b015f53671ce0323 adds a non-privileged polkitd user, with the following recommendations:
echo "NOTE: The directory ${sysconfdir}/polkit-1/rules.d must be owned"
echo " by user '$POLKITD_USER' and have mode 700"
echo "NOTE: The directory ${datadir}/polkit-1/rules.d must be owned"
echo " by user '$POLKITD_USER' and have mode 700"
Since polkitd has no need to change these files, it is actually safer to have the directories root-owned, and group-readable by polkitd. E.g.:
echo "NOTE: The directory ${sysconfdir}/polkit-1/rules.d must be group-owned"
echo " by user '$POLKITD_USER' and have mode 750"
echo "NOTE: The directory ${datadir}/polkit-1/rules.d must be group-owned"
echo " by user '$POLKITD_USER' and have mode 750"
That way, a limited daemon compromise that results in ability to overwrite daemon-owned files will not automatically result in full system compromise.
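An added example, not part of this report or of polkit's own configure.ac: a small POSIX shell checker that evaluates a rules.d directory's owner, group and mode from the daemon's point of view, distinguishing the "polkitd-owned, mode 700" layout the configure.ac note asks for (daemon can rewrite its own rules) from the "root-owned, group polkitd, mode 750" layout the report recommends (daemon can read but not write), and also flagging the failure mode where a root-owned 700 directory leaves the daemon unable to read any rules at all. The daemon account name "polkitd" is an assumption (it is whatever POLKITD_USER was configured as), and `check_dir` assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not from the bug report or from polkit). Evaluates whether a
# polkit rules.d directory is readable-but-not-writable by the daemon account.
# The daemon user/group name "polkitd" used in the demo is an assumption.

# has_bit DIGIT r|w : succeed if the octal permission digit has the read or write bit.
has_bit() {
    case "$2" in
        r) case "$1" in 4|5|6|7) return 0 ;; esac ;;
        w) case "$1" in 2|3|6|7) return 0 ;; esac ;;
    esac
    return 1
}

# check_policy OWNER GROUP MODE DAEMON_USER [DAEMON_GROUP]
# Prints a verdict and returns:
#   0  daemon can read but not write  (layout recommended in the report)
#   1  daemon can write               (the configure.ac advice: owned by polkitd, mode 700)
#   2  daemon cannot read at all      (rules would never be loaded)
check_policy() {
    owner=$1; group=$2; mode=$3; duser=$4; dgroup=${5:-$4}
    mode=${mode#"${mode%???}"}           # keep the last three octal digits (drops setuid/sticky)
    ou=${mode%??}                        # owner digit
    og=${mode#?}; og=${og%?}             # group digit
    oo=${mode#??}                        # other digit
    can_read=no; can_write=no
    # Unix permission classes are evaluated in order: owner, then group, then other.
    if [ "$owner" = "$duser" ]; then
        has_bit "$ou" r && can_read=yes
        has_bit "$ou" w && can_write=yes
    elif [ "$group" = "$dgroup" ]; then
        has_bit "$og" r && can_read=yes
        has_bit "$og" w && can_write=yes
    else
        has_bit "$oo" r && can_read=yes
        has_bit "$oo" w && can_write=yes
    fi
    if [ "$can_write" = yes ]; then
        echo "WRITABLE by $duser (owner=$owner group=$group mode=$mode): a compromised daemon could rewrite its own rules"
        return 1
    elif [ "$can_read" = no ]; then
        echo "UNREADABLE by $duser (owner=$owner group=$group mode=$mode): rules will not load"
        return 2
    fi
    echo "ok: $duser can read but not write (owner=$owner group=$group mode=$mode)"
    return 0
}

# check_dir DIR DAEMON_USER : same verdict for a real directory (GNU stat assumed).
check_dir() {
    [ -d "$1" ] || { echo "missing: $1"; return 2; }
    check_policy "$(stat -c %U "$1")" "$(stat -c %G "$1")" "$(stat -c %a "$1")" "$2"
}

# Constructed demo values: the configure.ac layout, the report's layout,
# and the over-tightened root-only layout.
check_policy polkitd polkitd 700 polkitd || :
check_policy root polkitd 750 polkitd || :
check_policy root root 700 polkitd || :
```

To audit a live system, source the file and run `check_dir /etc/polkit-1/rules.d polkitd` (and the same for the datadir location); a return code of 1 means the daemon account can modify its own policy, which is exactly the escalation path the report describes.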