Hi,
> It's certainly the case that *gnome* might do something ridiculous if
> you 'sudo gedit' something, but 'sudo emacs' really ought to be
> equally acceptable regardless of whether you're using the terminal or
> X frontend.
emacs is probably okay, just by virtue of the fact that if the admin gives
the user the right to run emacs as root, they almost definitely trust the
user with general root access.
In that same light, it's probably fine if the user running sudo has full
access to sudo anyway, but it's considerable riskier if it's a restricted
sudo configuration or say consolehelper (or worse a setuid application!).
The problem is that X is a big api and it's designed with the notion that
everyone who has access to the display is pretty much at the same
trust level. It's possible to prod and poke at one client from other clients
in pretty arbitrary ways.
OK, so what are the risks under Wayland?
Today I've found out that I'm unable to merge my rpm config files under Wayland.
I've been using this for years:
$ sudo rpmconf -a -f meld
Currently, meld doesn't start this way. I don't know about any good merging tool
in CLI. I spent 15 minutes trying to merge my config files with vimdiff, I started hating
it with passion, and I ended up with broken configs. What solution are we going to offer
people who can't do everything in console and need GUI tools to perform certain
administrative tasks (I'm not really sure how polkit fits in this scenario)? Honestly,
I'd rather run a nested X server to be able to use meld than to use vimdiff again, and
I guess I wouldn't be the only one.
Since the security is improved under Wayland, are non-elevated applications still able to
eavesdrop or falsify input/output of elevated applications? The opposite direction is not
that important, I think, because if you run something as root (regardless of CLI or GUI),
you explicitly trust it to do almost anything to your system. If you decide to trust gedit
or meld, I don't see the difference from trusting vim or emacs. Unless there's
something in Wayland that is similar to vulnerabilities in X11?
Thanks for explanation.