[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: it's so easy ...

On Thu, Sep 21, 2000 at 08:45:17PM -0800, Ethan Benson wrote:
> you misunderstand me, NO X stuff should be running as root, ever.
> gnome-apt should run happily as an ordinary user without any suid
> bits.  when it needs privilege it should put up a ssh-askpass style
> dialog asking for the root password and pass that password on to a
> NON-X backend program that authenticates and then performs the
> privileged operations.  in many cases this could probably be as simple
> as su -c 'foo' (though that might not be the best way to do it) 
> but this horrible mentality of `just run it as root' MUST stop.  X

No, actually I wasn't saying, I've just said run 'it' as root if 'it'
is a X based app should stop (i.e. use only libc (part of it) while
you are running as root).

However, maybe now it's clean what RH probably does:
when is launched gnorpm:

- ask for admin password setting lock.

- start an user app that read the present configuration and let you
  change it.

- when you have done re-ask you for root (??? - actually, i've never
  tried, my experience with RH was very short).

- run su program someway (i.e. su)

(third step could be skipped if it has some way to remember root password)

Probably, what appear to me as user is that there is some other program
that start the app as root.

Ok, given that this is as secure as running a text application as
root, and given that gnome-apt isn't secure, it should be clean that
gnome-apt should be change in this way (there number of version of
'this way', it's clean).

That is what I was saying ... somewhere I've got a dictionary
... somewhen i can find time to develop better my english, I'm sorry
for confusion.


Daniele Cruciani <cruciani@cli.di.unipi.it>
Universita` di Pisa - Informatica -

Reply to: