oss-sec mailing list archives
Re: Privileged File Access from Desktop Applications
From: "Perry E. Metzger" <perry () piermont com>
Date: Thu, 11 Jul 2019 09:33:26 -0400
On Thu, 11 Jul 2019 07:51:17 +0000 Malte Kraus <malte.kraus () suse com> wrote:
Hi Perry, On Tue, 2019-07-09 at 11:30 -0400, Perry E. Metzger wrote:Can you explain (or point to) a description of why this is a problem?I'm not sure what exactly breaks, just that it does, see e.g. [1] [2] [3]. Since we're talking about root it's not a matter of technical impossibility, but a decision not to write the code to make it work. From a security perspective that seems like a great improvement. Even if it should be the case that some programs don't follow best practices re "least privileges", at least it's not the whole application running as root. 1: https://wiki.archlinux.org/index.php/Running_GUI_applications_as_root#Wayland 2: https://wiki.debian.org/Wayland#I.27m_accustomed_to_running_various_programs_.28e.g._synaptic.29_as_root_in_my_X_session.__How_will_this_work_under_Wayland.3F 3: https://fedoraproject.org/wiki/How_to_debug_Wayland_problems#Graphical_applications_can.27t_be_run_as_root_from_terminal
So these links seem to say that things have been structured so you *can't* run GUI apps as root, not that there is a special or unusual security problem in Wayland if you run an application as root; if you logged in as root, you could run GUI applications as root. That's rather different from the original statement. Am I misunderstanding? Perry -- Perry E. Metzger perry () piermont com
Current thread:
- Privileged File Access from Desktop Applications Malte Kraus (Jul 09)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 09)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 10)
- Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Matthias Gerstner (Jul 11)
- Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Bob Friesenhahn (Jul 11)
- Re: Privileged File Access from Desktop Applications John Haxby (Jul 11)
- Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
- Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Jordan Glover (Jul 12)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 12)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 09)