Raphael Geissert wrote:
[Please do _only_ send the email to the ML, I read it.] Rob Taylor wrote:Well, the real fd.o solution here is PackageKit. Its a bad thing to run things using graphical toolkits as root, as they're not going to have been audited for security. With PackageKit you use a small, auditable dbus service to do the task you need doing as root, and have the actual UI running in the users security domain.
Uhh, obviously I meant PolicyKit here, PackageKit is something completely different...
The problem is that not everything/one uses dbus, and software would need to be rewritten.
This is true. At least for GNOME this is making good progress however. KDE also seems to be making some progress in this regard as well. It'd be good (maybe after GNOME 2.26) to keep a list of common apps in collaboration with upstream that aren't using PolicyKit.
I strongly agree that running X11 apps as root is not good; but the point of the discussion is how to correctly su to root in a cross-desktop-compatible manner, not how perfect world is :).
I was replying to the message of the 'perfect world' of having an xdg util for su-to-root.. I'd suggest for now a simple solution would be to write a debian-desktop specific util that does what a hypothetical xdg-get-root would do (and then maybe propose it for inclusion in xdg-utls ;) ).
Thanks, Rob
Thanks, RobCheers,