I was planning to upgrade, so I ran this:
apk update --simulate
#same number of packages
apk upgrade --simulate
Having run a polkit-free system for several years, I was not happy to see
"adding polkit". (In my past experience, it is a royal pain to get working
right if you use startx and a minimal window manager.
And when it was working, plain authentication worked better for me than the
After reading up, I figured out that it was a precaution for the
brightness helper that xf86-video-intel ships with, related to a CVE in
that helper (it was writing to /sys/class/backlight/%s/brightness,
where %s could be any valid portion of a path name).
Now, as an aside:
The latest version of that helper checks for the presence of '/' in the
command line and exits if found.
This theoretically would still allow writing a new file with one of two
names (/sys/class/brightness or /sys/class/backlight/brightness) if you
use '.' or '..' as the path, except the open/fstat test handles that.
Anyhow, I tested my laptop, and found that I can change the brightness
even if the helper is chmod a-x.
So I wrote the attached apkbuild to satisfy the polkit dependency.
I'd guess that it should not be added to the main repo, since it might
cause an automatic "upgrade"; but some people might find it handy.
Aside: I have X starting at boot as a user via this line in inittab:
::once:/bin/su -c "xinit 2>/dev/null >&2" -l idunham
Received on Sat Sep 13 2014 - 08:25:25 UTC