Monday, November 26, 2007

Gnome2 >2.20.0

I am unsure when Gnome2 started using PolicyKit which itself relies on SELinux and/or PAM but in my honest opinion this is a bad bad move.

I don't know how people who are building third party Gnome2 packages for Slackware are going to build it without PolicyKit. Every man and his dog knows that Slackware's author, Mr Volkerding, regards PAM as a huge security hole so does not and has said he will not include PAM in his distribution.

I have liked Gnome since its first incarnation many years ago. While I currently use the always improving without adding bloat Xfce4 I often revisit Gnome2 to see what is going on there. KDE simply does not get a look in because I have never liked QT.

But, this new reliance on PolicyKit which in turn relies on PAM and/or SELinux to be able to do its work is going to prove to be a massive turn off for me and no doubt a lot of Slackware users and for that reason alone unless I, and others, can find a way to build the latest version of Gnome2 without PolicyKit then Gnome2 will simply fall by the wayside as so many other DTE's and WM's have done over the years. Xfce4 will be the only DTE (DeskTop Environment) left on my system for those times I load up X.

Time and time again I have dabbled with PAM. Built it, installed it, configured it for my needs but always I have felt that PAM is simply a security bolt on that is not needed on a properly configured system. Because it is a bolt on this alone makes it a security hole. Look at PAM's record on vulnerabilities and you will see just how poor a record PAM has in this area. After a week or two usage with PAM running on my systems and adding a patch or 3 to cover some hole within it or updating it yet again because of a vulnerability I get fed up with it and remove it. Look around the Internet and you will see problem after problem regarding PAM and now we have parts of Gnome2 relying on it. If I feel this way how many others out there feel the same?

I downloaded the latest, at time of writing 2.21.2, Garnome (that is how I have tested various versions of Gnome2 for quite some time. Garnome itself is a wonderful tool as it allows you to test Gnome2 without actually installing it system wide) and because I have no PAM or SELinux installed it will not build. I have edited various files within the Garnome environment to try and eliminate the need for PolicyKit, PAM and SELinux but every effort resulted the same. It simply will not build.

This reliance on PolicyKit, PAM and SELinux is a shame as I said earlier on, Gnome2 has been one of my favourite DTE's and because of these reliances I will soon be consigning it to the bin.

No comments: