Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/dalias/statuses/111176772867545101">Rich Felker (dalias@hachyderm.io)'s status on Saturday, 07-Oct-2023 22:24:49 JST</a><a href="https://hachyderm.io/@dalias" title="dalias@hachyderm.io"><img src="https://gnusocial.jp/avatar/40873-48-20221207231635.webp" width="48" height="48" alt="Rich Felker" style="position: absolute; left: 0; top: 0;">Rich Felker</a><div><a href="https://hachyderm.io/@dalias/111176766320976991" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/92094" title="pid_eins@mastodon.social">Lennart Poettering</a></li><li><a href="https://gnusocial.jp/user/136486" title="jamesh@aus.social">James Henstridge</a></li></ul></div></section><article><p><a href="https://aus.social/@jamesh">@jamesh</a> <a href="https://mastodon.social/@pid_eins">@pid_eins</a> <a href="https://metalhead.club/@mariusor">@mariusor</a> With basic unix access controls, there is also testability. You know the extremely limited set of variables that the result of permission checks can depend on, and can test what happens with those. Polkit on the other hand has a nearly unbounded set of possible inputs to make its decisions based on, making the security of a configuration effectively untestable.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2137826#notice-4225374">In conversation</a><time datetime="2023-10-07T22:24:49+09:00" title="Saturday, 07-Oct-2023 22:24:49 JST">about a year ago</time> <span>from <span><a href="https://hachyderm.io/@dalias/111176772867545101" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@dalias/111176772867545101">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Saturday, 07-Oct-2023 22:24:49 JSTRich Felker
in reply to
@jamesh @pid_eins @mariusor With basic unix access controls, there is also testability. You know the extremely limited set of variables that the result of permission checks can depend on, and can test what happens with those. Polkit on the other hand has a nearly unbounded set of possible inputs to make its decisions based on, making the security of a configuration effectively untestable.
In conversationabout a year ago from hachyderm.iopermalink

Public

Embed Notice

HTML Code

Corresponding Notice