On running gui applications as root

Andrew Lutomirski luto at mit.edu
Fri Oct 30 21:58:49 UTC 2015


On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson <ajax at redhat.com> wrote:
> On Fri, 2015-10-30 at 11:41 -0400, John Dulaney wrote:
>
>> As Halfline points out, the decision needs to be made whether to allow
>> gui applications to be run as root.  I figured I'd bring this up for
>> discussion in the hopes that a decision may be made whether or not to
>> allow this.
>
> Anyone running any X (or wayland) application as root in their desktop
> session is completely bonkers and deserves every consequence of their
> poor decision.

OK, I'll bite.  Why is it bonkers?

It's certainly the case that *gnome* might do something ridiculous if
you 'sudo gedit' something, but 'sudo emacs' really ought to be
equally acceptable regardless of whether you're using the terminal or
X frontend.

>
>> In the instance that the decision is made to not allow gui applications
>> root access, then we will also need to figure out a sane way to have
>> applications that require more than the usual set of user priviledges to
>> continue to work across multiple compositors and window managers that
>> may or may not have the necessary authentication agents built-in.
>
> Like Bastien said, we've had this for ages.  Typically people resist
> the solutions here because they consider it "bloat" or "unnecessary
> complexity"; the irony is not lost on me.

We have pam_sudo (or whatever the thing is called -- it's worked
mostly reliably for ages, and it's really quite handy).

ISTM the straightforward solution to all of this would be for Wayland
to allow a connection from anyone who can connect to the socket.  Then
just set permissions on the socket accordingly.

--Andy


More information about the devel mailing list