Re: [Gimp-user] The GIMP opens in superuser mode
Hi! On Fri, Apr 6, 2018 at 3:26 PM, Leslie Katzwrote: > On 2018-04-06 08:14 AM, Jehan Pagès wrote: > > > > For the record, I opened a bug report at flatpak (I searched and could not > find an existing one): https://github.com/flatpak/flatpak/issues/1557 > > > Thank you for letting me know. I'm sure it would have been beyond me to do > it myself! > Actually it's not beyond anyone. It is just about politely asking about a problem, just like you did on this mailing list. ;-) By the way, are you using the Mate desktop as well, or another desktop? As you may see, flatpak people closed the bug report saying this is just a detection bug from Mate, which is "fun" because Mate closed its own report saying flatpak and firejail (another sandbox system, if I got it right?) had to fix this on their side. Well in the end, not sure when it will get fixed. I feel like someone needs to push a bit (yet still nicely/politely) here or there. :-D Jehan > > Best wishes, > > Leslie > > -- > > Leslie Katz > > email: lesliek [at] mymts [dot] net > > Please visit http://ssrn.com/author=1164057 to find hyperlinks > > to papers that I’ve written on literary and legal topics > -- ZeMarmot open animation film http://film.zemarmot.net Liberapay: https://liberapay.com/ZeMarmot/ Patreon: https://patreon.com/zemarmot Tipeee: https://www.tipeee.com/zemarmot ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
Re: [Gimp-user] The GIMP opens in superuser mode
* Steve Kinney[04-06-18 03:15]: > > > On 04/06/2018 12:05 AM, Liam R E Quin wrote: > > On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote: > >> > >> On 04/05/2018 09:41 PM, Liam R E Quin wrote: > >>> On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote: > > It /should/ be impossible for a program opened by a 'regular' > user to > run in superuser mode, unless the regular user enters the root > password. > >>> > >>> It can happen if the program's binary is owned by the root user and > >>> is > >>> mode u+s (set-userid). > >>> > >>> Liam (ankh) > >> > >> Yikes. > >> > >> One "should" not allow this either, without a very good reason... > > > > On most user applications, no, although > > ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l > > gives 36 results here (many setgid rather than setuid, and not all > > owned by root, but e.g. su, sudo, umount, all have to be root-owned and > > suid.). > > > > It's possible to disable set-userid file modes from being respected > > using a mount option, but using that on the system partitions would > > break yuor system. > > Ah so. My comprehension of Linux internals is only rudimentary, but > once pointed out it's obvious that su, sudo and umount would be owned by > root - only root can do the things they enable a user with the root > password to do. > > A graphics editor or a wrapper for portable applications? Not so much. :D not knowing flatpack, the package was probably installed using root account and took the installer account perms and file locations. if installed into root's home, would indeed have root perms, even as illogical as that would be. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.orgopenSUSE Community Memberfacebook/ptilopteri Registered Linux User #207535@ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
Re: [Gimp-user] The GIMP opens in superuser mode
On 04/06/2018 12:05 AM, Liam R E Quin wrote: > On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote: >> >> On 04/05/2018 09:41 PM, Liam R E Quin wrote: >>> On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote: It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password. >>> >>> It can happen if the program's binary is owned by the root user and >>> is >>> mode u+s (set-userid). >>> >>> Liam (ankh) >> >> Yikes. >> >> One "should" not allow this either, without a very good reason... > > On most user applications, no, although > ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l > gives 36 results here (many setgid rather than setuid, and not all > owned by root, but e.g. su, sudo, umount, all have to be root-owned and > suid.). > > It's possible to disable set-userid file modes from being respected > using a mount option, but using that on the system partitions would > break yuor system. Ah so. My comprehension of Linux internals is only rudimentary, but once pointed out it's obvious that su, sudo and umount would be owned by root - only root can do the things they enable a user with the root password to do. A graphics editor or a wrapper for portable applications? Not so much. :D ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
Re: [Gimp-user] The GIMP opens in superuser mode
On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote: > > On 04/05/2018 09:41 PM, Liam R E Quin wrote: > > On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote: > > > > > > It /should/ be impossible for a program opened by a 'regular' > > > user to > > > run in superuser mode, unless the regular user enters the root > > > password. > > > > It can happen if the program's binary is owned by the root user and > > is > > mode u+s (set-userid). > > > > Liam (ankh) > > Yikes. > > One "should" not allow this either, without a very good reason... On most user applications, no, although ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l gives 36 results here (many setgid rather than setuid, and not all owned by root, but e.g. su, sudo, umount, all have to be root-owned and suid.). It's possible to disable set-userid file modes from being respected using a mount option, but using that on the system partitions would break yuor system. -- Liam Quin - web slave for https://www.fromoldbooks.org/ with fabulous vintage art and fascinating texts to read. Click here to have the slave beaten. ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
Re: [Gimp-user] The GIMP opens in superuser mode
On 04/05/2018 09:41 PM, Liam R E Quin wrote: > On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote: >> >> It /should/ be impossible for a program opened by a 'regular' user to >> run in superuser mode, unless the regular user enters the root >> password. > > It can happen if the program's binary is owned by the root user and is > mode u+s (set-userid). > > Liam (ankh) Yikes. One "should" not allow this either, without a very good reason... :D ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
Re: [Gimp-user] The GIMP opens in superuser mode
On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote: > > It /should/ be impossible for a program opened by a 'regular' user to > run in superuser mode, unless the regular user enters the root > password. It can happen if the program's binary is owned by the root user and is mode u+s (set-userid). Liam (ankh) -- Liam Quin - web slave for https://www.fromoldbooks.org/ with fabulous vintage art and fascinating texts to read. Click here to have the slave punished or rewarded. ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
Re: [Gimp-user] The GIMP opens in superuser mode
On 04/03/2018 01:47 PM, Leslie Katz wrote: > Apologies. I couldn't figure out how to reply directly to my own earlier > message, so I'm doing so by a fresh post with the same title as my > original post, in case anyone should be helped by my reply. > > The GIMP says in its title bar that it's running in superuser mode, but > I've now found that it really isn't. Its wrongly saying so is a function > of its having been installed through flatpak. > > Leslie Wow, that's kind of scary. If any doubt remains, I would try to save an XCF file in a directory users can't write to, say /dev, and see what happens. It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password. It that can be done, it means the whole operating system is compromised and needs reinstalled yesterday if not sooner. :o) ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
Re: [Gimp-user] The GIMP opens in superuser mode
Hello, On Tue, Apr 3, 2018 at 7:47 PM, Leslie Katzwrote: > Apologies. I couldn't figure out how to reply directly to my own earlier > message, so I'm doing so by a fresh post with the same title as my original > post, in case anyone should be helped by my reply. > > The GIMP says in its title bar that it's running in superuser mode, but > I've now found that it really isn't. Its wrongly saying so is a function of > its having been installed through flatpak. > I saw in your other email that you use Ubuntu. Is it a feature of Ubuntu to tell when a software is run as superuser? In any case, I have no idea about this issue. Does that say the same thing with other flatpak-installed software or only GIMP? Jehan > > Leslie > > -- > > Leslie Katz > > email: lesliek [at] mymts [dot] net > > Please visit http://ssrn.com/author=1164057 to find hyperlinks > > to papers that I’ve written on literary and legal topics > ___ > gimp-user-list mailing list > List address:gimp-user-list@gnome.org > List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list > List archives: https://mail.gnome.org/archives/gimp-user-list -- ZeMarmot open animation film http://film.zemarmot.net Liberapay: https://liberapay.com/ZeMarmot/ Patreon: https://patreon.com/zemarmot Tipeee: https://www.tipeee.com/zemarmot ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
[Gimp-user] The GIMP opens in superuser mode
Apologies. I couldn't figure out how to reply directly to my own earlier message, so I'm doing so by a fresh post with the same title as my original post, in case anyone should be helped by my reply. The GIMP says in its title bar that it's running in superuser mode, but I've now found that it really isn't. Its wrongly saying so is a function of its having been installed through flatpak. Leslie -- Leslie Katz email: lesliek [at] mymts [dot] net Please visit http://ssrn.com/author=1164057 to find hyperlinks to papers that I’ve written on literary and legal topics ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list
[Gimp-user] The GIMP opens in superuser mode
I installed the GIMP on a computer running Ubuntu 16.04. I used flatpak to do so. When I open the GIMP, it says GIMP "as superuser". What do I need to change so that I can run the GIMP as an ordinary user? Thanks for any assistance, Leslie -- Leslie Katz email: lesliek [at] mymts [dot] net Please visit http://ssrn.com/author=1164057 to find hyperlinks to papers that I’ve written on literary and legal topics ___ gimp-user-list mailing list List address:gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list