| 3 Jun 2021 |
 Jan Tojnar | I would expect multifinger to work on anything relatively new | 20:49:57 |
 ryantm | hmenke: What kind of GPU do you have? | 20:56:19 |
 piegames | https://github.com/NixOS/nixpkgs/issues/125363 can somebody please help me a bit on this one? I haven't seriously worked with that GJS thing yet and I'm a bit overwhealmed. | 21:42:56 |
| piegames | I tried looking at other extensions, but every one seems to have their own special soup for solving their version of the problem so this is no help. | 21:43:29 |
| Jan Tojnar | piegames: there are two problems | 21:49:34 |
| Jan Tojnar | one will be solved by the inputs | 21:49:46 |
| Jan Tojnar | and the other by the stuff linked in the manual | 21:50:07 |
| Jan Tojnar | * piegames: there are two problems (that I know of) | 21:51:05 |
| piegames | Okay, I'll give it a try. Should I add a manual packaging for the extension or should I create some space to place overrides on the automatic ones? | 21:53:56 |
| Jan Tojnar | hexa: did you try to PM me? the chat does not seem to work | 21:54:12 |
 hexa | yes, I did | 21:54:27 |
| hexa | polkit fun | 21:54:30 |
| piegames | I'm dreaming of a list of "These extensions need X and those need Y" and the builder automatically adapts to that, but for what I've seen so far it won't be easy. | 21:54:44 |
| hexa | Jan Tojnar: https://github.com/NixOS/nixpkgs/pull/125554 | 21:55:10 |
| Jan Tojnar | piegames: I think overrides ร la haskellโs configuration common would be most convenient | 21:56:10 |
| hexa | Jan Tojnar: question would be: which target branch | 22:03:32 |
| hexa | ๐ฅ (staging) ๐ฅ๐ฅ (staging-next) ๐ฅ๐ฅ๐ฅ (master) | 22:03:51 |
| Jan Tojnar | it is very gnarly, so I owuld go with master | 22:04:05 |
| hexa | polkit has its own user, but little hardening | 22:04:44 |
| hexa | merge at your own discretion, this should at least cleanly backport to 21.05 | 22:05:07 |
| hexa | applies to 20.09 as well ๐ | 22:08:21 |
| Jan Tojnar | hexa: I have not read it very closely, can one just run any process as root (e.g. using pkexec API) | 22:08:53 |
| Jan Tojnar | * hexa: I have not read it very closely, does this allow just running any process as root (e.g. using pkexec API)? | 22:09:17 |
| hexa |
The vulnerability can be reliably used by an unprivileged local attacker
to bypass authorization and escalate permissions up to the root user.
| 22:09:20 |
| Jan Tojnar | * hexa: I have not read it very closely, does this allow just running any command as root (e.g. using pkexec API)? | 22:09:34 |
| hexa | https://www.openwall.com/lists/oss-security/2021/06/03/1 | 22:09:41 |
| Jan Tojnar | or only those registered as polkit actions? | 22:09:48 |
| hexa | I'm not too familiar with polkit internals, sorry | 22:11:09 |
| Jan Tojnar | I cannot look into it more at the moment so I would just merge | 22:12:33 |
| hexa | then let's wait for fridh/vcunat | 22:14:56 |
