* Steve Kinney <ad...@pilobilus.net> [04-06-18 03:15]:
> On 04/06/2018 12:05 AM, Liam R E Quin wrote:
> > On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
> >> On 04/05/2018 09:41 PM, Liam R E Quin wrote:
> >>> On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
> >>>> It /should/ be impossible for a program opened by a 'regular'
> >>>> user to
> >>>> run in superuser mode, unless the regular user enters the root
> >>>> password.
> >>> It can happen if the program's binary is owned by the root user and
> >>> is
> >>> mode u+s (set-userid).
> >>> Liam (ankh)
> >> Yikes.
> >> One "should" not allow this either, without a very good reason...
> > On most user applications, no, although
> > ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l
> > gives 36 results here (many setgid rather than setuid, and not all
> > owned by root, but e.g. su, sudo, umount, all have to be root-owned and
> > suid.).
> > It's possible to disable set-userid file modes from being respected
> > using a mount option, but using that on the system partitions would
> > break yuor system.
> Ah so. My comprehension of Linux internals is only rudimentary, but
> once pointed out it's obvious that su, sudo and umount would be owned by
> root - only root can do the things they enable a user with the root
> password to do.
> A graphics editor or a wrapper for portable applications? Not so much. :D
not knowing flatpack, the package was probably installed using root
account and took the installer account perms and file locations. if
installed into root's home, would indeed have root perms, even as
illogical as that would be.
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
Registered Linux User #207535 @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
gimp-user-list mailing list
List address: firstname.lastname@example.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives: https://mail.gnome.org/archives/gimp-user-list