Re: root login

To: debian-gtk-gnome@lists.debian.org
Subject: Re: root login
From: Jeff Waugh <jdub@perkypants.org>
Date: Mon, 28 Apr 2003 08:22:29 +1000
Message-id: <[🔎] 20030427222229.GO11992@lazarus>
Mail-followup-to: debian-gtk-gnome@lists.debian.org
In-reply-to: <[🔎] 20030427173302.GA3111@iliana>
References: <[🔎] 20030425164022.GC494@lazarus> <[🔎] 20030427082738.GA2261@iliana> <[🔎] 20030427090148.GB11992@lazarus> <[🔎] 20030427091820.GA2864@iliana> <[🔎] 20030427094610.GC11992@lazarus> <[🔎] 20030427110333.GA23514@iliana> <[🔎] 20030427131048.GF11992@lazarus> <[🔎] 20030427154712.GA1884@iliana> <[🔎] 20030427162041.GM11992@lazarus> <[🔎] 20030427173302.GA3111@iliana>

<quote who="Sven Luther">

> > No, we're talking about permission elevation here - systems like su and
> > sudo, with pam support are examples of this on our platform.
> 
> That is the solution you propose to the problem. There may be other ways
> to solve the problems though, which don't involve permission elevation,

The problem *is* permissions elevation. If you don't get that, I can't help
you.

> > > Well, in gnome 1 i could shutdown with one click from the gnome session
> > > using a sudo gshutdown launcher button, something i cannot do anymore.
> > > Why was gshutdown removed ?
> > 
> > No idea.
> 
> I guess it is because

Why are you guessing?

> > OS, and the security issues are code and protocol related, not user
> > issues.
> 
> So, which OS are gnome targets which don't have groups ? And is it planed
> to release a windows version of gnome ?

Dude, this has *nothing to do with groups*!

> And anyway, by saying that gnome should not be run as gnome, you clearly
> state that it is not secure enough for it, which is only normal.

Go back and read my email. Running GNOME as root is not stupid because
"GNOME is not good enough", it's because "root can do anything". You can't
secure anything against root.

> > This has nothing to do with groups. It's about permissions elevation and
> > capabilities. I really strongly suggest that you read about the various *-su
> > solutions posted to desktop-devel-list a while back, and the discussion that
> 
> I don't follow this list, so it seem normal that i don't know about it,
> any url to the mail archive of it ?

http://mail.gnome.org/archives/desktop-devel-list/index.html

> That said, maybe i am only speaking bullshit and really have no idea of
> what i speak about, in this case please tell me, but please also tell me
> it more specificly.

GNOME needs a general, secure and portable user interface to the permissions
elevation systems on the platforms we run on. It has little or nothing to do
with "GDM message passing" or simply using groups.

- Jeff

-- 
linux.conf.au 2004: Adelaide, Australia         http://lca2004.linux.org.au/
 
  There's no horse higher, no mailing list taunt lower, no developer base
              wider. Rock My Software in the Bosom of Debian.

Reply to:

Follow-Ups:
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>

References:
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>

Prev by Date: Re: root login
Next by Date: Re: gnome applet packages name.
Previous by thread: Re: root login
Next by thread: Re: root login
Index(es):
- Date
- Thread