Re: Re: su/sudo cannot X
John Hasler wrote
X and X applications are exceedingly complex, unaudited, and likely to be
chock full of buffer overruns, format string vulnerabilities, and other
I guess a checking on CERT's vulnerability list will reveal if this is true, X vs
non-X.
nasties. Consider the segfaults and memory leaks in Firefox, for example.
It only makes sense that you should want to run as little code as possible
as root. X drags in cubic miles of it.
Yeah, that's a general rule, but I am not sure if it is legit to
draw the line on whether it is X or not. I am actually not trying to run
tons of X applications as root, just some of the admin tools insist
on connecting to X, like my printer driver from samsung. Making sudo/su
X painful doesn't mean I will give up running them. I wondering how much
difference it makes on security by making sudo/su incapable of connecting
to X by default. This is different than logging into X as root.
Lei
Reply to: