oss-sec mailing list archives
Re: Privileged File Access from Desktop Applications
From: Malte Kraus <malte.kraus () suse com>
Date: Thu, 11 Jul 2019 07:51:17 +0000
Hi Perry, On Tue, 2019-07-09 at 11:30 -0400, Perry E. Metzger wrote:
Can you explain (or point to) a description of why this is a problem?
I'm not sure what exactly breaks, just that it does, see e.g. [1] [2] [3]. Since we're talking about root it's not a matter of technical impossibility, but a decision not to write the code to make it work. From a security perspective that seems like a great improvement. Even if it should be the case that some programs don't follow best practices re "least privileges", at least it's not the whole application running as root. 1: https://wiki.archlinux.org/index.php/Running_GUI_applications_as_root#Wayland 2: https://wiki.debian.org/Wayland#I.27m_accustomed_to_running_various_programs_.28e.g._synaptic.29_as_root_in_my_X_session.__How_will_this_work_under_Wayland.3F 3: https://fedoraproject.org/wiki/How_to_debug_Wayland_problems#Graphical_applications_can.27t_be_run_as_root_from_terminal -- Malte Kraus <malte.kraus () suse com> Security Engineer PGP Key: 8AFC 3C58 6880 2DDD 4792 C3C2 FDBD 2984 D4C3 C2F0 SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg)
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Privileged File Access from Desktop Applications Malte Kraus (Jul 09)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 09)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 10)
- Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Matthias Gerstner (Jul 11)
- Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Bob Friesenhahn (Jul 11)
- Re: Privileged File Access from Desktop Applications John Haxby (Jul 11)
- Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
- Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Jordan Glover (Jul 12)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 09)