[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Lock screen does not work for root in gnome



On Wed, Oct 20, 2004 at 05:23:47PM -0400, Alan Cox wrote:
> On Mon, Oct 18, 2004 at 01:04:53AM +0100, Luciano Miguel Ferreira Rocha wrote:
> > > You'd rather it did what KDE does and not drop privs at all, running
> > > arbitrary eye-candy sub-processes as root?
> > 
> > They can't be trusted to run as root? Can they be trusted to be run as
> > any user at all?
> 
> KDE doesn't support setuid usage, nor does gtk+. Its a sensible policy anyway.

We're not talking about setuid usage. Nobody claims for xscreensaver to
be set suid.

xscreensaver is a normal application that should cause no problems for a
user running it. If it fails that goal for root, or 'may fail', then it
shouldn't be run as a normal user either.

xscreensaver decision to setuid(nobody) when euid == 0 and then require
a xhost + is just broken. I fail to see a situation where to run cute
(tastes may vary) graphical animations as root would be a no-no,
but to run with X unprotected a possibility.

That it's not a good policy, sure. But it's not up to the developer to
enforce the policy it feels best.

IMO, of course.

Regards,
Luciano Rocha


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]