For your reassurance, the previous design of Checkbox using dbus was not quite as much a security vulnerability as that. In fact, the backend running as root could only run commands known to be tests. So, you could not connect to the backend and request to run a command like: rm -fr /. However, where this became a potential security vulnerability is when integrating third party test suites.
In Checkbox, tests are called jobs because they actually represent composites, i.e. jobs can generate new jobs and so forth. So, when integrating a third party suite like autotest, the integration job branches the project and extracts the tests within, which produce other jobs. If the repository was compromised, or if the location where they got branched got compromised, then the produced jobs could essentially run arbitrary commands and still be considered legit by the backend. The current solution of using sudo/gksu/kdesudo might seem overkill but seems to be the safest way to guarantee that a normal user will not compromise his system by accident. If an equally secure solution could be implemented with PolicyKit, this would be awesome. Perhaps this could be a topic of discussion for the next UDS, where we should invite the security team.

-- 
Candidate revision checkbox_0.9
https://bugs.launchpad.net/bugs/532882
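The trust chain the post describes, as a small added model in Python (not Checkbox's own code): a privileged backend that only trusts a fixed set of shipped jobs, an integration job that expands a fetched suite into child jobs, and the difference between letting those children inherit the parent's trust and requiring explicit provenance. Job names, the `origin` field and the manifest contents are constructed for illustration.

```python
"""Toy model of a privileged test backend trusting generated jobs (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Job:
    name: str
    command: str
    origin: str                       # "local" for shipped definitions, else the fetched source
    derived_from: Optional[str] = None  # name of the job that generated this one, if any


# Constructed sample of jobs shipped with the frontend: the only commands the
# root backend "knows to be tests".
SHIPPED_JOBS: Dict[str, Job] = {
    "disk/smart": Job("disk/smart", "smartctl -a /dev/sda", "local"),
    "autotest/integrate": Job("autotest/integrate", "bzr branch lp:autotest", "local"),
}


def old_backend_allows(job: Job, known: Dict[str, Job]) -> bool:
    """Original policy: a job is legit if it is shipped, or if its generator is shipped.
    The second clause is the transitive trust that lets a tampered suite through."""
    if job.name in known and known[job.name].command == job.command:
        return True
    return job.derived_from in known


def strict_backend_allows(job: Job, known: Dict[str, Job]) -> bool:
    """Tightened policy: only the exact shipped (name, command) pairs run with privilege.
    Anything produced at runtime is refused here and left to an explicit user prompt
    (the sudo/gksu/kdesudo approach the post settles on)."""
    return (job.name in known
            and known[job.name].command == job.command
            and job.origin == "local")


def integrate_third_party(manifest: List[Tuple[str, str]], source: str) -> List[Job]:
    """The integration job expanding a fetched suite into child jobs."""
    return [Job(f"autotest/{n}", cmd, source, derived_from="autotest/integrate")
            for n, cmd in manifest]


# Constructed manifest as it might look after the branched repository was tampered with.
TAMPERED_MANIFEST = [("cpu/stress", "stress --cpu 4"), ("cleanup", "rm -fr /")]


def evaluate(manifest: List[Tuple[str, str]], source: str) -> Dict[str, Tuple[bool, bool]]:
    """Return {job name: (old policy verdict, strict policy verdict)} for each generated job."""
    return {j.name: (old_backend_allows(j, SHIPPED_JOBS), strict_backend_allows(j, SHIPPED_JOBS))
            for j in integrate_third_party(manifest, source)}
```

Under the original policy every child of the known integration job is accepted, including the injected `cleanup` job; under the strict policy none of the generated jobs runs with privilege without the user being asked.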