Le 14/02/2020 à 22:01, Rick Moen a écrit :
Quoting Didier Kryn (k...@in2p3.fr):

AFAIR sudo does not transmit the X session. I heard years ago
of something called sudox. Dunno if it is available somewhere. I
dislike pkexec [...]
You're a man of wise instincts, Didier.  ;->

    Thanks :~) This is because the policykit paradigm conflicts with traditional Unix.

    Unix has built-in means of authentication which are perfectly adequate. Nevertheless, the policykit machinery bypasses them to introduce its own methods, aledgedly to make it easier.

    Making day life easier is the usual way for dangerous technologies to get accepted. Eg facial recognition allows people to withdraw money from cash machines without a credit card, but it also allows global surveillance.

    Similarly, and more globally, Systemd is a big parasite making Linux behave differently of what it does natively. This is not a byproduct, this is the goal.

Here's a Linuxmafia.com Knowledgebase article I try to bring up to date
every couple of years:

'Root w/X11' onhttp://linuxmafia.com/kb/Security/ (direct linkhttp://linuxmafia.com/faq/Security/root-with-x11.html).

I'm_personally_  a long-term fan of the first option mentioned which is:

   "ssh -Y root@localhost" (requires local sshd)

    I retain from the link above the simple solution which is to add these lines into root 's .bashrc:

if [ ! "$LOGNAME" = "root" ]; then
export XAUTHORITY=/home/$LOGNAME/.Xauthority

    The only defect of this solution is that it doesn't come out of the box or by installing a package; instead it is an active hack by the admin.


Dng mailing list

Reply via email to