On Mon, 11 Aug 2014 17:27:17 +0200 Valentina Giusti <[email protected]> said:
> Hi Tizen developers! > > according to the wiki page > https://wiki.tizen.org/wiki/Security:SmackThreeDomainModel, in Tizen 3.0 > there are processes running as root. In the AMD Multi-User wiki page it > even says that the AMD daemon runs "as root as in single user mode". > > During the workshop in Vannes last week, I got the impression (or at > least I wrote so in my notes) that no process in Tizen is allowed to run > as root: at most, processes can be run as setuid root for a limited > period of time. > > Are my notes from the workshop valid or is it actually true that some > processes are run as root? i don't know what this workshop was going over, but i think it was trying to give a strong message - do not run things as root EVER. this is not strictly true. there are times when you do need to run as root, but they are rare and very special. every one of these times requires jumping through some hoops to make it happen. the reason such advice sounds so black-and-white (no root EVER!), is because in the past a lot of developers who don't know unix/linux port stuff they have to it or write new things, and it's "easier to just run as root" so they don't have to be careful, jump through hoops etc. etc. and this is something that happened to tizen early on. that and having fixed disk locations (/opt/dbspace ... need i say more) for USER data that should be in $HOME. lots of system daemons ran as a system service when they should be a user level SESSION service. -- Carsten Haitzler (The Rasterman) <[email protected]> _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
