From patchwork Mon Feb 17 12:16:51 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans de Goede X-Patchwork-Id: 3662861 Return-Path: X-Original-To: patchwork-intel-gfx@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id E12ADBF40C for ; Mon, 17 Feb 2014 12:17:03 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 2EBCB201CD for ; Mon, 17 Feb 2014 12:17:03 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 675CE20155 for ; Mon, 17 Feb 2014 12:17:02 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id B481DFA703; Mon, 17 Feb 2014 04:17:00 -0800 (PST) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by gabe.freedesktop.org (Postfix) with ESMTP id 46D9EFA3CF for ; Mon, 17 Feb 2014 04:16:59 -0800 (PST) Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s1HCGwEP010568 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 17 Feb 2014 07:16:58 -0500 Received: from shalem.localdomain.com (vpn1-7-24.ams2.redhat.com [10.36.7.24]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s1HCGu7f010532; Mon, 17 Feb 2014 07:16:57 -0500 From: Hans de Goede To: intel-gfx@lists.freedesktop.org Date: Mon, 17 Feb 2014 13:16:51 +0100 Message-Id: <1392639414-3909-2-git-send-email-hdegoede@redhat.com> In-Reply-To: <1392639414-3909-1-git-send-email-hdegoede@redhat.com> References: <1392639414-3909-1-git-send-email-hdegoede@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 Cc: peter.hutterer@redhat.com Subject: [Intel-gfx] [PATCH 1/4] backlight: Explain better why we support both pkexec and suid root for the helper X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: intel-gfx-bounces@lists.freedesktop.org Errors-To: intel-gfx-bounces@lists.freedesktop.org X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Update the comment about trying suid-root first with some explanations of why pkexec may be preferable in some cases. Signed-off-by: Hans de Goede --- src/backlight.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/backlight.c b/src/backlight.c index 70c6559..0e63ba5 100644 --- a/src/backlight.c +++ b/src/backlight.c @@ -270,8 +270,10 @@ static int __backlight_helper_init(struct backlight *b, char *iface) int use_pkexec = 0; int fds[2]; - /* If system policy is to disallow setuid helpers, - * we fallback to invoking PolicyKit. However, as pkexec + /* + * Some systems may prefer using PolicyKit's pkexec over + * making the helper suid root, since the suid option will allow + * anyone to control the backlight. However, as pkexec * is quite troublesome and not universally available, we * still try the old fashioned and simple method first. * Either way, we have to trust that it is our backlight-helper