There must be some sort of kernel lock, because if you su - twice into the
1000 user, it won't open an X window either! I'm sure there is a
conservative security policy at play, and maybe writing a script to copy
write and doas cp will work, but it also doesn't work if I want to write a
program that doesn't suid but can open a privileged socket under systrace
-c 1000:1000 ./server
On Dec 2, 2015 19:44, "Vadim Zhukov" <[email protected]> wrote:

> On 3 Dec 2015 at 4:27, user "Luke Small" <[email protected]> wrote:
> >
> > I want to be able to use systrace for privilege escalation for kompare for
> > sysmerge diffs and kate. Why isn't systrace able to do this?
>
> Because no one wrote a systrace policy for Kate and Kompare (for your
> installation and user) yet? That's without mentioning that it would be hard
> to restrict those applications in a correct manner: they do use a lot of
> system resources by just being nice KDE apps.
>
> That being said, I won't expect much security problems in Kompare itself.
> Kate is more complex, but still doesn't run in terminal. Thus Kompare and
> Kate likely not being hurt by some crazy escape codes in patch files.
> Anything else lies outside of usage profile you're talking about, if I
> understood you correctly.
>
> --
> Vadim Zhukov
