Re: Privileged File Access from Desktop Applications

[Malte Kraus <malte.kraus () suse com>]

Hi Perry,

On Tue, 2019-07-09 at 11:30 -0400,  Perry E. Metzger wrote:
> Can you explain (or point to) a description of why this is a problem?
I'm not sure what exactly breaks, just that it does, see e.g. [1] [2]
[3]. Since we're talking about root it's not a matter of technical
impossibility, but a decision not to write the code to make it work.

From a security perspective that seems like a great improvement. Even
if it should be the case that some programs don't follow best practices
re "least privileges", at least it's not the whole application running
as root.

1: 
https://wiki.archlinux.org/index.php/Running_GUI_applications_as_root#Wayland
2: 
https://wiki.debian.org/Wayland#I.27m_accustomed_to_running_various_programs_.28e.g._synaptic.29_as_root_in_my_X_session.__How_will_this_work_under_Wayland.3F
3: 
https://fedoraproject.org/wiki/How_to_debug_Wayland_problems#Graphical_applications_can.27t_be_run_as_root_from_terminal

-- 
Malte Kraus <malte.kraus () suse com>
Security Engineer
PGP Key: 8AFC 3C58 6880 2DDD 4792  C3C2 FDBD 2984 D4C3 C2F0
SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, Mary
Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg)

Attachment: signature.asc
Description: This is a digitally signed message part