Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-06 Thread Jehan Pagès 
Hi!

On Fri, Apr 6, 2018 at 3:26 PM, Leslie Katz  wrote:

> On 2018-04-06 08:14 AM, Jehan Pagès wrote:
>
>
>
> For the record, I opened a bug report at flatpak (I searched and could not
> find an existing one): https://github.com/flatpak/flatpak/issues/1557
>
>
> Thank you for letting me know. I'm sure it would have been beyond me to do
> it myself!
>

Actually it's not beyond anyone. It is just about politely asking about a
problem, just like you did on this mailing list. ;-)

By the way, are you using the Mate desktop as well, or another desktop?
As you may see, flatpak people closed the bug report saying this is just a
detection bug from Mate, which is "fun" because Mate closed its own report
saying flatpak and firejail (another sandbox system, if I got it right?)
had to fix this on their side.
Well in the end, not sure when it will get fixed. I feel like someone needs
to push a bit (yet still nicely/politely) here or there. :-D

Jehan


>
> Best wishes,
>
> Leslie
>
> --
>
> Leslie Katz
>
> email: lesliek [at] mymts [dot] net
>
> Please visit http://ssrn.com/author=1164057 to find hyperlinks
>
> to papers that I’ve written on literary and legal topics
>



-- 
ZeMarmot open animation film
http://film.zemarmot.net
Liberapay: https://liberapay.com/ZeMarmot/
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-06 Thread Patrick Shanahan 
* Steve Kinney  [04-06-18 03:15]:
> 
> 
> On 04/06/2018 12:05 AM, Liam R E Quin wrote:
> > On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
> >>
> >> On 04/05/2018 09:41 PM, Liam R E Quin wrote:
> >>> On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
> 
>  It /should/ be impossible for a program opened by a 'regular'
>  user to
>  run in superuser mode, unless the regular user enters the root
>  password.
> >>>
> >>> It can happen if the program's binary is owned by the root user and
> >>> is
> >>> mode u+s (set-userid).
> >>>
> >>> Liam (ankh)
> >>
> >> Yikes.
> >>
> >> One "should" not allow this either, without a very good reason...
> > 
> > On most user applications, no, although
> > ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l
> > gives 36 results here (many setgid rather than setuid, and not all
> > owned by root, but e.g. su, sudo, umount, all have to be root-owned and
> > suid.).
> > 
> > It's possible to disable set-userid file modes from being respected
> > using a mount option, but using that on the system partitions would
> > break yuor system.
> 
> Ah so.  My comprehension of Linux internals is only rudimentary, but
> once pointed out it's obvious that su, sudo and umount would be owned by
> root - only root can do the things they enable a user with the root
> password to do.
> 
> A graphics editor or a wrapper for portable applications?  Not so much.  :D

not knowing flatpack, the package was probably installed using root
account and took the installer account perms and file locations.  if
installed into root's home, would indeed have root perms, even as
illogical as that would be.

-- 
(paka)Patrick Shanahan   Plainfield, Indiana, USA  @ptilopteri
http://en.opensuse.orgopenSUSE Community Memberfacebook/ptilopteri
Registered Linux User #207535@ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo   paka @ IRCnet freenode
___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-06 Thread Steve Kinney 


On 04/06/2018 12:05 AM, Liam R E Quin wrote:
> On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
>>
>> On 04/05/2018 09:41 PM, Liam R E Quin wrote:
>>> On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:

 It /should/ be impossible for a program opened by a 'regular'
 user to
 run in superuser mode, unless the regular user enters the root
 password.
>>>
>>> It can happen if the program's binary is owned by the root user and
>>> is
>>> mode u+s (set-userid).
>>>
>>> Liam (ankh)
>>
>> Yikes.
>>
>> One "should" not allow this either, without a very good reason...
> 
> On most user applications, no, although
> ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l
> gives 36 results here (many setgid rather than setuid, and not all
> owned by root, but e.g. su, sudo, umount, all have to be root-owned and
> suid.).
> 
> It's possible to disable set-userid file modes from being respected
> using a mount option, but using that on the system partitions would
> break yuor system.

Ah so.  My comprehension of Linux internals is only rudimentary, but
once pointed out it's obvious that su, sudo and umount would be owned by
root - only root can do the things they enable a user with the root
password to do.

A graphics editor or a wrapper for portable applications?  Not so much.  :D



___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-05 Thread Liam R E Quin 
On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
> 
> On 04/05/2018 09:41 PM, Liam R E Quin wrote:
> > On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
> > > 
> > > It /should/ be impossible for a program opened by a 'regular'
> > > user to
> > > run in superuser mode, unless the regular user enters the root
> > > password.
> > 
> > It can happen if the program's binary is owned by the root user and
> > is
> > mode u+s (set-userid).
> > 
> > Liam (ankh)
> 
> Yikes.
> 
> One "should" not allow this either, without a very good reason...

On most user applications, no, although
ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l
gives 36 results here (many setgid rather than setuid, and not all
owned by root, but e.g. su, sudo, umount, all have to be root-owned and
suid.).

It's possible to disable set-userid file modes from being respected
using a mount option, but using that on the system partitions would
break yuor system.


-- 
Liam Quin - web slave for https://www.fromoldbooks.org/
with fabulous vintage art and fascinating texts to read.
Click here to have the slave beaten.
___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-05 Thread Steve Kinney 


On 04/05/2018 09:41 PM, Liam R E Quin wrote:
> On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
>>
>> It /should/ be impossible for a program opened by a 'regular' user to
>> run in superuser mode, unless the regular user enters the root
>> password.
> 
> It can happen if the program's binary is owned by the root user and is
> mode u+s (set-userid).
> 
> Liam (ankh)

Yikes.

One "should" not allow this either, without a very good reason...

:D


___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-05 Thread Liam R E Quin 
On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
> 
> It /should/ be impossible for a program opened by a 'regular' user to
> run in superuser mode, unless the regular user enters the root
> password.

It can happen if the program's binary is owned by the root user and is
mode u+s (set-userid).

Liam (ankh)


-- 
Liam Quin - web slave for https://www.fromoldbooks.org/
with fabulous vintage art and fascinating texts to read.

Click here to have the slave punished or rewarded.
___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-05 Thread Steve Kinney 


On 04/03/2018 01:47 PM, Leslie Katz wrote:
> Apologies. I couldn't figure out how to reply directly to my own earlier
> message, so I'm doing so by a fresh post with the same title as my
> original post, in case anyone should be helped by my reply.
> 
> The GIMP says in its title bar that it's running in superuser mode, but
> I've now found that it really isn't. Its wrongly saying so is a function
> of its having been installed through flatpak.
> 
> Leslie

Wow, that's kind of scary.  If any doubt remains, I would try to save an
XCF file in a directory users can't write to, say /dev, and see what
happens.

It /should/ be impossible for a program opened by a 'regular' user to
run in superuser mode, unless the regular user enters the root password.
 It that can be done, it means the whole operating system is compromised
and needs reinstalled yesterday if not sooner.

:o)


___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: [Gimp-user] The GIMP opens in superuser mode

2018-04-05 Thread Jehan Pagès 
Hello,

On Tue, Apr 3, 2018 at 7:47 PM, Leslie Katz  wrote:

> Apologies. I couldn't figure out how to reply directly to my own earlier
> message, so I'm doing so by a fresh post with the same title as my original
> post, in case anyone should be helped by my reply.
>
> The GIMP says in its title bar that it's running in superuser mode, but
> I've now found that it really isn't. Its wrongly saying so is a function of
> its having been installed through flatpak.
>

I saw in your other email that you use Ubuntu. Is it a feature of Ubuntu to
tell when a software is run as superuser?
In any case, I have no idea about this issue. Does that say the same thing
with other flatpak-installed software or only GIMP?

Jehan



>
> Leslie
>
> --
>
> Leslie Katz
>
> email: lesliek [at] mymts [dot] net
>
> Please visit http://ssrn.com/author=1164057 to find hyperlinks
>
> to papers that I’ve written on literary and legal topics
> ___
> gimp-user-list mailing list
> List address:gimp-user-list@gnome.org
> List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
> List archives:   https://mail.gnome.org/archives/gimp-user-list




-- 
ZeMarmot open animation film
http://film.zemarmot.net
Liberapay: https://liberapay.com/ZeMarmot/
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

[Gimp-user] The GIMP opens in superuser mode

2018-04-03 Thread Leslie Katz 
Apologies. I couldn't figure out how to reply directly to my own earlier 
message, so I'm doing so by a fresh post with the same title as my 
original post, in case anyone should be helped by my reply.


The GIMP says in its title bar that it's running in superuser mode, but 
I've now found that it really isn't. Its wrongly saying so is a function 
of its having been installed through flatpak.


Leslie

--

Leslie Katz

email: lesliek [at] mymts [dot] net

Please visit http://ssrn.com/author=1164057 to find hyperlinks

to papers that I’ve written on literary and legal topics
___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

[Gimp-user] The GIMP opens in superuser mode

2018-04-02 Thread Leslie Katz 
I installed the GIMP on a computer running Ubuntu 16.04. I used flatpak 
to do so. When I open the GIMP, it says GIMP "as superuser".


What do I need to change so that I can run the GIMP as an ordinary user?

Thanks for any assistance,

Leslie


--

Leslie Katz

email: lesliek [at] mymts [dot] net

Please visit http://ssrn.com/author=1164057 to find hyperlinks

to papers that I’ve written on literary and legal topics
___
gimp-user-list mailing list
List address:gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list