On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson ajax@redhat.com wrote:
> On Fri, 2015-10-30 at 11:41 -0400, John Dulaney wrote:
> > As Halfline points out, the decision needs to be made whether to allow gui applications to be run as root. I figured I'd bring this up for discussion in the hopes that a decision may be made whether or not to allow this.
>
> Anyone running any X (or wayland) application as root in their desktop session is completely bonkers and deserves every consequence of their poor decision.

OK, I'll bite. Why is it bonkers?

It's certainly the case that *gnome* might do something ridiculous if you 'sudo gedit' something, but 'sudo emacs' really ought to be equally acceptable regardless of whether you're using the terminal or X frontend.

> > In the instance that the decision is made to not allow gui applications root access, then we will also need to figure out a sane way to have applications that require more than the usual set of user privileges to continue to work across multiple compositors and window managers that may or may not have the necessary authentication agents built-in.
>
> Like Bastien said, we've had this for ages. Typically people resist the solutions here because they consider it "bloat" or "unnecessary complexity"; the irony is not lost on me.

We have pam_sudo (or whatever the thing is called -- it's worked mostly reliably for ages, and it's really quite handy).
ISTM the straightforward solution to all of this would be for Wayland to allow a connection from anyone who can connect to the socket. Then just set permissions on the socket accordingly.
--Andy