On 11/19/2015 08:31 AM, Reindl Harald wrote:
> On 19.11.2015 at 13:57, Simon Farnsworth wrote:
>> Put another way: "sudo emacs /etc/hosts" will break under Wayland
>
> then wayland is currently not useable and ready to replace X11
> as user i don't care if the application needs to be fixed or
> wayland lacks whatever but given that there are a bazillion more
> applications compared to X11 versus wayland it's pretty clear
> where to start

I think you're arguing that the multitude of X applications does not
have fine-grained access controls, so they have to be given overall
root privilege---but this is the old OS security model that we've
been moving away from for years.

Adam's argument is that we should switch to fine-grained control,
just like we switched to fine-grained control with SELinux. We have
to find out why the GUI app legitimately requires elevated access
and give it just that access. Those 'horrible hacks' that you decry
do exactly that: isolate the root-level file access and arrange for
it, while running the entire GUI at non-privileged level.

This could be done in other ways too, e.g. by wrapping the GUI with
a script that adds user to root file's ACL, edits it and takes ACL
away. Your rsync mechanism is actually a perfect example: root
access to files on your target systems should be decoupled from root
access on your admin system.
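
The separation described in this message, root-level file access isolated from a GUI that runs unprivileged, as an added example that is not part of the original e-mail or of any project's code. It uses the copy-out/copy-back pattern that `sudoedit` also follows rather than the ACL wrapper; `edit_privileged` and `PRIV` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: edit a root-owned file with an editor that never runs as root.
# Only two commands go through $PRIV: one read and one write of the target.
# Usage (assumed): VISUAL=emacs edit_privileged /etc/hosts
# An editor that forks into the background must be given its "wait" option.

PRIV=${PRIV-sudo}   # hypothetical knob; set PRIV="" for files you already own

edit_privileged() {
    local target="$1" workdir copy before rc=0
    [ -n "$target" ] || { echo "usage: edit_privileged FILE" >&2; return 2; }

    workdir=$(mktemp -d) || return 1            # private 0700 directory
    copy="$workdir/$(basename -- "$target")"

    # Privileged step 1: read the target into the user's working copy.
    if $PRIV cat -- "$target" > "$copy"; then
        before=$(sha256sum < "$copy")
        # Unprivileged step: the (GUI) editor runs as the calling user.
        ${VISUAL:-${EDITOR:-vi}} "$copy" || rc=1
    else
        rc=1
    fi

    if [ "$rc" -ne 0 ]; then
        echo "edit_privileged: $target left untouched" >&2
    elif [ "$(sha256sum < "$copy")" = "$before" ]; then
        :                                       # no edits, nothing to write
    elif [ "$($PRIV cat -- "$target" | sha256sum)" != "$before" ]; then
        # Someone else changed the target meanwhile: refuse to overwrite.
        # This is a check, not a lock; a small race window remains.
        echo "edit_privileged: $target changed during editing" >&2
        rc=4
    else
        # Privileged step 2: write in place so owner, mode and labels stay.
        $PRIV tee -- "$target" < "$copy" > /dev/null || rc=1
    fi

    rm -rf -- "$workdir"
    return "$rc"
}
```

The sudo policy for such a wrapper only has to permit the read and the write of the specific file, not the editor.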