Re: On running gui applications as root

> OK, so what are the risks under Wayland? > ... > > Since the security is improved under Wayland, are non-elevated applications > still able to eavesdrop or falsify input/output of elevated applications? > The opposite direction is not that important, I think, because if you run > something as

Re: On running gui applications as root

On 11/18/2015 06:49 PM, Adam Jackson wrote: > On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote: >> On 11/02/2015 03:05 PM, Adam Jackson wrote: >>> But, why take the risk exposure, when you could simply not? >> >> How else would I edit root-owned files? I don't get it. I mean, >> I guess I

Re: On running gui applications as root

On 19 November 2015 at 03:18, Matthew Miller wrote: > On Wed, Nov 18, 2015 at 03:09:34PM -0500, Adam Jackson wrote: >> To the bug in question: probably we should make it so 'sudo gedit' does >> work, but I'd still strongly discourage anyone from actually doing so. > >

Re: On running gui applications as root

On 19 November 2015 at 15:31, Adam Jackson wrote: > On Wed, 2015-11-18 at 21:45 +, Ian Malone wrote: > >> Not really getting this. For any configuration task where you replace >> editing a root owned text file with access through some authorised >> gui, that gui is still

Re: On running gui applications as root

On Wed, 2015-11-18 at 21:45 +, Ian Malone wrote: > Not really getting this. For any configuration task where you replace > editing a root owned text file with access through some authorised > gui, that gui is still vulnerable. That gui's code, unlike emacs, doesn't allow you to write

Re: On running gui applications as root

On 11/19/2015 12:57 PM, Simon Farnsworth wrote: > On Thursday 19 Nov 2015 12:48:50 Andrew Haley wrote: >> On 11/18/2015 06:49 PM, Adam Jackson wrote: > >>> Phrased another way: no, it's not *your computer* we're talking about >>> here. The computer in question rightfully belongs to someone else;

Re: On running gui applications as root

On 11/19/2015 08:31 AM, Reindl Harald wrote: Am 19.11.2015 um 13:57 schrieb Simon Farnsworth: Put another way: "sudo emacs /etc/hosts" will break under Wayland than wayland is currently not useable and ready to replace X11 as user i don't care if the application needs to be fixed or

Re: On running gui applications as root

On 11/19/2015 01:03 PM, Simon Farnsworth wrote: > "sudo -e /etc/hosts", will ... still work Hold on, I think I may not be understanding something. If "sudo -e /etc/hosts" will still work, why won't "sudo emacs /etc/hosts" ? Andrew. -- devel mailing list devel@lists.fedoraproject.org

Re: On running gui applications as root

On Thursday 19 Nov 2015 13:56:32 Andrew Haley wrote: > On 11/19/2015 01:03 PM, Simon Farnsworth wrote: > > "sudo -e /etc/hosts", will ... still work > > Hold on, I think I may not be understanding something. If "sudo -e > /etc/hosts" will still work, why won't "sudo emacs /etc/hosts" ? > >

Re: On running gui applications as root

On Thursday 19 Nov 2015 12:48:50 Andrew Haley wrote: > On 11/18/2015 06:49 PM, Adam Jackson wrote: > > Phrased another way: no, it's not *your computer* we're talking about > > here. The computer in question rightfully belongs to someone else; we > > are here discussing how to be responsible for

Re: On running gui applications as root

Am 19.11.2015 um 13:57 schrieb Simon Farnsworth: Put another way: "sudo emacs /etc/hosts" will break under Wayland than wayland is currently not useable and ready to replace X11 as user i don't care if the application needs to be fixed or wayland lacks whatever but given that there are a

Re: On running gui applications as root

On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote: > On 11/02/2015 03:05 PM, Adam Jackson wrote: > > But, why take the risk exposure, when you could simply not? > > How else would I edit root-owned files?  I don't get it.  I mean, > I guess I could run an editor in a text window, but I don't

Re: On running gui applications as root

On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote: > I don't understand.  If a user who has the right to act as root asks > to authorize a program to run as root on their behalf, we should grant > that request.  And, once we grant it, we shouldn't be > passive-aggressive and say "sure

Re: On running gui applications as root

On Wed, Nov 18, 2015 at 10:49 AM, Adam Jackson wrote: > On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote: >> On 11/02/2015 03:05 PM, Adam Jackson wrote: >> > But, why take the risk exposure, when you could simply not? >> >> How else would I edit root-owned files? I don't

Re: On running gui applications as root

On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote: > On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote: > > > I don't understand.  If a user who has the right to act as root asks > > to authorize a program to run as root on their behalf, we should grant > > that request.  And, once

Re: On running gui applications as root

2015-11-18 21:24 GMT+01:00 Adam Williamson : > On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote: >> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote: >> >> > I don't understand. If a user who has the right to act as root asks >> > to authorize a program

Re: On running gui applications as root

On Wed, Nov 18, 2015 at 12:24 PM, Adam Williamson wrote: > On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote: >> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote: >> >> > I don't understand. If a user who has the right to act as root asks >> > to

Re: On running gui applications as root

> Hi, > > > It's certainly the case that *gnome* might do something ridiculous if > > you 'sudo gedit' something, but 'sudo emacs' really ought to be > > equally acceptable regardless of whether you're using the terminal or > > X frontend. > emacs is probably okay, just by virtue of the fact that

Re: On running gui applications as root

On 18 November 2015 at 20:24, Adam Williamson wrote: > On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote: >> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote: >> >> > I don't understand. If a user who has the right to act as root asks >> > to authorize a

Re: On running gui applications as root

Am 19.11.2015 um 01:00 schrieb Reindl Harald: Am 19.11.2015 um 00:57 schrieb Ian Malone: On 18 November 2015 at 23:38, Reindl Harald wrote: Am 18.11.2015 um 19:49 schrieb Adam Jackson: That's kind of a non sequitur. To a first order, there are zero root- owned

Re: On running gui applications as root

Am 18.11.2015 um 19:49 schrieb Adam Jackson: On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote: On 11/02/2015 03:05 PM, Adam Jackson wrote: But, why take the risk exposure, when you could simply not? How else would I edit root-owned files? I don't get it. I mean, I guess I could run

Re: On running gui applications as root

On 18 November 2015 at 23:38, Reindl Harald wrote: > > > Am 18.11.2015 um 19:49 schrieb Adam Jackson: >> >> On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote: >>> >>> On 11/02/2015 03:05 PM, Adam Jackson wrote: But, why take the risk exposure, when you could

Re: On running gui applications as root

On 18 November 2015 at 20:09, Adam Jackson wrote: > On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote: > >> I don't understand. If a user who has the right to act as root asks >> to authorize a program to run as root on their behalf, we should grant >> that request.

Re: On running gui applications as root

Am 18.11.2015 um 21:09 schrieb Adam Jackson: On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote: I don't understand. If a user who has the right to act as root asks to authorize a program to run as root on their behalf, we should grant that request. And, once we grant it, we

Re: On running gui applications as root

Am 19.11.2015 um 00:57 schrieb Ian Malone: On 18 November 2015 at 23:38, Reindl Harald wrote: Am 18.11.2015 um 19:49 schrieb Adam Jackson: On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote: On 11/02/2015 03:05 PM, Adam Jackson wrote: But, why take the risk

Re: On running gui applications as root

On Wed, Nov 18, 2015 at 03:09:34PM -0500, Adam Jackson wrote: > To the bug in question: probably we should make it so 'sudo gedit' does > work, but I'd still strongly discourage anyone from actually doing so. Actually, there's a better way. The authors of sudo already considered this. Set

Re: On running gui applications as root

On 11/02/2015 03:05 PM, Adam Jackson wrote: > But, why take the risk exposure, when you could simply not? How else would I edit root-owned files? I don't get it. I mean, I guess I could run an editor in a text window, but I don't want to do that. And I have no idea how to run things like

Re: On running gui applications as root

2015-11-17 20:07 GMT+02:00 Reindl Harald : > depends on what the application is supposed to do and if you want a global > setup instead only in the userhome for every user > > installing in your userhome has another disadvantage: you are running all > day long a application

Re: On running gui applications as root

On 17/11/15 18:11, Andrew Haley wrote: On 11/17/2015 05:55 PM, Joonas Sarajärvi wrote: My impression is that by default in fedora, virt-manager runs as non-root. I guess it might ask for the root password in order to manage the libvirtd that runs as privileged mode, but even in that case the

Re: On running gui applications as root

On 10/30/2015 10:48 PM, Adam Jackson wrote: > Anyone running any X (or wayland) application as root in their desktop > session is completely bonkers and deserves every consequence of their > poor decision. Doesn't most proprietary software come with GUI installers? Florian -- devel mailing list

Re: On running gui applications as root

Hi, 2015-11-17 19:30 GMT+02:00 Andrew Haley : > And I have no idea how to run things like virt-manager without root. My impression is that by default in fedora, virt-manager runs as non-root. I guess it might ask for the root password in order to manage the libvirtd that runs as

Re: On running gui applications as root

2015-11-17 19:56 GMT+02:00 Florian Weimer : > Doesn't most proprietary software come with GUI installers? No idea if "most" are, but at least I have seen many proprietary programs that do not require a GUI in installation. Also in many cases where there is a GUI installer, it

Re: On running gui applications as root

Am 17.11.2015 um 19:04 schrieb Joonas Sarajärvi: 2015-11-17 19:56 GMT+02:00 Florian Weimer : Doesn't most proprietary software come with GUI installers? No idea if "most" are, but at least I have seen many proprietary programs that do not require a GUI in installation.

Re: On running gui applications as root

Am 17.11.2015 um 18:56 schrieb Florian Weimer: On 10/30/2015 10:48 PM, Adam Jackson wrote: Anyone running any X (or wayland) application as root in their desktop session is completely bonkers and deserves every consequence of their poor decision. Doesn't most proprietary software come with

Re: On running gui applications as root

On 11/17/2015 05:55 PM, Joonas Sarajärvi wrote: > My impression is that by default in fedora, virt-manager runs as > non-root. I guess it might ask for the root password in order to > manage the libvirtd that runs as privileged mode, but even in that > case the user interface would run as your

Re: On running gui applications as root

On 11/17/2015 06:25 PM, Tom Hughes wrote: > On 17/11/15 18:11, Andrew Haley wrote: >> On 11/17/2015 05:55 PM, Joonas Sarajärvi wrote: >>> My impression is that by default in fedora, virt-manager runs as >>> non-root. I guess it might ask for the root password in order to >>> manage the libvirtd

Re: On running gui applications as root

On Fri, 2015-10-30 at 14:58 -0700, Andrew Lutomirski wrote: > On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson wrote: > > > > Anyone running any X (or wayland) application as root in their desktop > > session is completely bonkers and deserves every consequence of their > > poor

Re: On running gui applications as root

On Nov 2, 2015 7:05 AM, "Adam Jackson" wrote: > > On Fri, 2015-10-30 at 14:58 -0700, Andrew Lutomirski wrote: > > On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson wrote: > > > > > > Anyone running any X (or wayland) application as root in their desktop > > >

Re: On running gui applications as root

Hi, > It's certainly the case that *gnome* might do something ridiculous if > you 'sudo gedit' something, but 'sudo emacs' really ought to be > equally acceptable regardless of whether you're using the terminal or > X frontend. emacs is probably okay, just by virtue of the fact that if the admin

Re: On running gui applications as root

On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson wrote: > On Fri, 2015-10-30 at 11:41 -0400, John Dulaney wrote: > >> As Halfline points out, the decision needs to be made whether to allow >> gui applications to be run as root. I figured I'd bring this up for >> discussion in the

Re: On running gui applications as root

On Fri, 2015-10-30 at 11:41 -0400, John Dulaney wrote: > As Halfline points out, the decision needs to be made whether to allow > gui applications to be run as root.  I figured I'd bring this up for > discussion in the hopes that a decision may be made whether or not to > allow this. Anyone

On running gui applications as root

Recently, I filed a bug (1274451) about running virt-manager on Wayland. As it turns out that this is applicable to running gui applications as root on Wayland in general, the scope was changed (see Cole's comments). As Halfline points out, the decision needs to be made whether to allow gui

Re: On running gui applications as root

- Original Message - > Recently, I filed a bug (1274451) about running virt-manager on Wayland. > As it turns out that this is applicable to running gui applications as > root on Wayland in general, the scope was changed (see Cole's comments). > > As Halfline points ou