Can't run apps requiring elevated privileges on artful
Oliver Grawert
ogra at ubuntu.com
Wed Oct 25 13:54:48 UTC 2017
hi,
On Wednesday, 25.10.2017, 14:02 +0200, Gilles Gravier wrote:
> any graphical application needs to be fixed to operate
> fully under the new model. Because somebody some day will try to use it
> that way and it will break when it was working before...
I'd disagree here, it is a massive design flaw of xorg that you can run
anything and everything as root in graphical mode, it is insecure and
most of the time graphical apps are neither designed for this nor
tested by their upstreams in such a mode ...
imagine a file manager app that will automatically try to make sure the
ownership permissions of your trash and Desktop dirs are always
correct, so it checks and re-sets them on every startup (or even just
its own config files) ... it might be a good thing if this app is run
as designed (i.e. as the user) that it makes the config files owned and
only readable by this specific user (there might be credentials for
remote shares in them etc) ...
now imagine you run the same file manager app under sudo, it re-owns
everything to root and changes it to "only root can read this" ...
you don't want this particular app to ever be run as root and the
upstream developer will likely even tell you she did not design it that
way ...
another example would be a toolkit that simply routes all your key
presses through a socket to handle specific exotic input methods ...
normally that socket is owned by the user and only accessible by the
user, which is a safe design ... now you run it as root, the socket
goes somewhere system-wide readable and everyone can sniff your online
banking password from the socket while you type it ...
typically the GUI part of an app should always be run only by the user
and root-like operations should be handled by a privileged backend
instead ... apps requiring privilege elevation should be designed in
this two-part setup since dbus was introduced to desktop linux ... and
apps not originally designed for this should not be run with escalated
privs ...
wayland (as mir did too) simply takes away one opportunity to shoot
yourself in the foot here ... which ... I understand ... some people
want to do indeed, but xorg is still around for them and won't go away
for a long time ... for all the others, there are 6 months to fix all
the apps that really need escalated privs ...
if something that "did work before" is now "broken", consider that it
might be because it was initially not actually designed to be used that
way...
ciao
oli