plainbox-secure-policy doesn't work over ssh
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
PlainBox (Toolkit) | Fix Released | Critical | Zygmunt Krynicki |
Bug Description
I have two "systems" running. One is a cloud instance that is updated Trusty, the other is a bare-metal server that I locally provision and install via d-i.
BOTH systems have up-to-date trusty packages on them.
BOTH systems have had c-c-s installed using the following packages: checkbox-ng, plainbox-
Both systems are accessed via SSH
In both cases, plainbox-
=======
=======
Error executing command as another user: Not authorized
This incident has been reported.
After some testing today, Daniel confirmed that when logged in locally, the user is able to run c-c-s without issue using the secure policy package. But when logged in via SSH, he encounters the same errors I did. Workaround is to install plainbox-
Here are package versions:
ubuntu@
ii plainbox-
ii plainbox-
ii plainbox-
ii plainbox-
ii python3-plainbox 0.6~dev+
ubuntu@
ii checkbox-ng 0.3~dev+
ii plainbox-
ii python3-checkbox-ng 0.3~dev+
ii python3-
Related branches
- Zygmunt Krynicki (community): Approve
- Daniel Manrique (community): Approve
Diff: 69 lines (+27/-0), 2 files modified
plainbox/plainbox/impl/ctrl.py (+3/-0)
plainbox/plainbox/impl/test_ctrl.py (+24/-0)
summary: plainbox-secure-policy prevents normal user from running c-c-s → plainbox-secure-policy doesn't work over ssh
affects: checkbox → plainbox
Changed in plainbox:
milestone: 2014-apr-11 → none
milestone: none → 0.6
importance: High → Critical
Changed in plainbox:
status: Triaged → In Progress
assignee: nobody → Zygmunt Krynicki (zkrynicki)
Changed in plainbox:
status: In Progress → Fix Committed
Changed in plainbox:
status: Fix Committed → Fix Released
Our policy covers only active sessions:
<defaults>
  <allow_any>no</allow_any>
  <allow_inactive>no</allow_inactive>
  <allow_active>auth_admin_keep</allow_active>
</defaults>
Per polkit documentation, SSH counts as an "inactive" session:
"Inactive sessions are generally remote sessions (SSH, VNC, etc.) whereas active sessions are logged directly into the machine on a TTY or an X display. allow_any is the setting encompassing both scenarios."
However, I found that I have to make allow_any "auth_admin_keep" for this to work over SSH. This may need some more fiddling but apparently it's possible to solve with some policy settings.
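
The session-type check discussed in the comment above, as an added example (not PlainBox or polkit code): it reads the `<defaults>` of each action in a policy file and lists the actions a local active session can authorize but a remote client cannot. Per polkit(8), allow_active and allow_inactive apply to clients on local consoles and allow_any to any client; treating an SSH login as falling under allow_any, the placeholder action id and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

VALID = {"no", "yes", "auth_self", "auth_admin", "auth_self_keep", "auth_admin_keep"}

# Constructed sample: the <defaults> from the comment above inside a minimal
# policy file. The action id is a placeholder, not PlainBox's real action id.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.placeholder.run-job">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>"""


def load_defaults(policy_xml):
    """Return {action_id: {allow_any, allow_inactive, allow_active}}."""
    actions = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        values = {}
        for key in ("allow_any", "allow_inactive", "allow_active"):
            # Assumption: a missing or empty element is treated as "no" here.
            value = (action.findtext(f"defaults/{key}") or "no").strip()
            if value not in VALID:
                raise ValueError(f"{action.get('id')}: bad {key} value {value!r}")
            values[key] = value
        actions[action.get("id")] = values
    return actions


def implicit_authorization(defaults, local_console, active):
    """Pick the <defaults> value that applies to this kind of client."""
    if not local_console:  # assumption: an SSH login is a non-local client
        return defaults["allow_any"]
    return defaults["allow_active" if active else "allow_inactive"]


def remote_lockouts(policy_xml):
    """Actions a local active user may authorize but a remote client never can."""
    found = load_defaults(policy_xml).items()
    return sorted(a for a, d in found
                  if implicit_authorization(d, False, False) == "no"
                  and implicit_authorization(d, True, True) != "no")


if __name__ == "__main__":
    print(remote_lockouts(SAMPLE_POLICY))
```

Running it over an installed `.policy` file before release shows which actions will fail with "Not authorized" for users who only reach the machine remotely.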