On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson <ajax(a)redhat.com> wrote:
> On Fri, 2015-10-30 at 11:41 -0400, John Dulaney wrote:
> > As Halfline points out, the decision needs to be made whether to allow
> > gui applications to be run as root. I figured I'd bring this up for
> > discussion in the hopes that a decision may be made whether or not to
> > allow this.
>
> Anyone running any X (or wayland) application as root in their desktop
> session is completely bonkers and deserves every consequence of their
> poor decision.

OK, I'll bite. Why is it bonkers?

It's certainly the case that *gnome* might do something ridiculous if
you 'sudo gedit' something, but 'sudo emacs' really ought to be
equally acceptable regardless of whether you're using the terminal or
X frontend.

> > In the instance that the decision is made to not allow gui applications
> > root access, then we will also need to figure out a sane way to have
> > applications that require more than the usual set of user privileges to
> > continue to work across multiple compositors and window managers that
> > may or may not have the necessary authentication agents built-in.
>
> Like Bastien said, we've had this for ages. Typically people resist
> the solutions here because they consider it "bloat" or "unnecessary
> complexity"; the irony is not lost on me.

We have pam_sudo (or whatever the thing is called -- it's worked
mostly reliably for ages, and it's really quite handy).
ISTM the straightforward solution to all of this would be for Wayland
to allow a connection from anyone who can connect to the socket. Then
just set permissions on the socket accordingly.
--Andy