Can't run apps requiring elevated privileges on artful
Gilles Gravier
ggravier at fsfe.org
Wed Oct 25 14:07:25 UTC 2017
The mechanism isn't broken, it's changed. The apps are broken now. They
will be until they are fixed to work with the new permission model.
Ciao,
Gilles
On Wed, Oct 25, 2017 at 3:54 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
> hi,
> On Wednesday, 25.10.2017, at 14:02 +0200, Gilles Gravier wrote:
> > any graphical application needs to be fixed to operate
> > fully under the new model. Because somebody some day will try to use
> > it that way and it will break when it was working before...
>
> i'd disagree here, it is a massive design flaw of xorg that you can run
> anything and everything as root in graphical mode, it is insecure and
> most of the time graphical apps are neither designed for this nor
> tested by their upstreams in such a mode ...
>
> imagine a file manager app that will automatically try to make sure the
> ownership permissions of your trash and Desktop dirs are always
> correct, so it checks and re-sets them on every startup (or even just
> its own config files) ... it might be a good thing if this app is run
> as designed (i.e. as the user) that it makes the config files owned and
> only readable by this specific user (there might be credentials for
> remote shares in them etc) ...
>
> now imagine you run the same file manager app under sudo, it re-owns
> everything to root and changes it to "only root can read this" ...
>
> you don't want this particular app to ever be run as root and the
> upstream developer will likely even tell you she did not design it that
> way ...
>
> another example would be a toolkit that simply routes all your key
> presses through a socket to handle specific exotic input methods ...
> normally that socket is owned by the user and only accessible by the
> user, which is a safe design ... now you run it as root, the socket
> goes somewhere system-wide readable and everyone can sniff your online
> banking password from the socket while you type it ...
>
> typically the GUI part of an app should always be run only by the user
> and root-like operations should be handled by a privileged backend
> instead ... apps requiring privilege elevation should be designed in
> this two-part setup since dbus was introduced to desktop linux ... and
> apps not originally designed for this should not be run with escalated
> privs ...
>
> wayland (as mir did too) simply takes away one opportunity to shoot
> yourself in the foot here ... which ... i understand ... some people
> want to do indeed, but xorg is still around for them and won't go away
> for a long time ... for all the others, there are 6 months to fix all
> the apps that really need escalated privs ...
>
> if something that "did work before" is now "broken", consider that it
> might be because it was initially not actually designed to be used that
> way...
>
> ciao
> oli
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
--
Gilles Gravier - ggravier at fsfe.org
Using Google Apps web mail
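
A check for the two failure modes described in the quoted message (per-user files re-owned away from the user, and an input socket reachable by other users), as an added example that is not part of the original thread. The function names, file names and the sample tree are constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def audit_tree(root, expected_uid):
    """Return (path, reason) findings for entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError as exc:
                findings.append((path, f"cannot stat: {exc.strerror}"))
                continue
            if st.st_uid != expected_uid:
                findings.append(
                    (path, f"owned by uid {st.st_uid}, expected {expected_uid}"))
            # On Linux, connecting to a Unix socket needs write permission.
            if stat.S_ISSOCK(st.st_mode) and st.st_mode & 0o022:
                findings.append((path, "socket writable by group or others"))
    return findings


def demo():
    """Audit a constructed sample tree: one config file, two sockets."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "shares.conf")
        with open(cfg, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(cfg, 0o600)
        socks = []
        for name, mode in (("im-private", 0o600), ("im-open", 0o666)):
            s = socket.socket(socket.AF_UNIX)
            s.bind(os.path.join(tmp, name))
            os.chmod(os.path.join(tmp, name), mode)
            socks.append(s)
        as_owner = audit_tree(tmp, os.getuid())
        # Audit against a different uid: this is what the real owner sees
        # after a GUI app run under sudo has re-owned the tree.
        as_other = audit_tree(tmp, os.getuid() + 1)
        for s in socks:
            s.close()
        return [(os.path.basename(p), r) for p, r in as_owner], len(as_other)


if __name__ == "__main__":
    print(demo())
```
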