Fedora-desktop-list Digest, Vol 70, Issue 6
Hristo Petkov
vaeood at yahoo.com
Thu Dec 10 08:17:29 UTC 2009
Hi,
absolutely agree about that entering the system as root to do everyday routine works is not exactly reasonable behaviour.
Entering the system in this way is something like destroying the firewall of your own castle just because you are the legal owner of the castle and you have the authorities to do that. Well, I am not going even to comment this.
Regards,
Christo Petkov
--- On Wed, 12/9/09, fedora-desktop-list-request at redhat.com <fedora-desktop-list-request at redhat.com> wrote:
From: fedora-desktop-list-request at redhat.com <fedora-desktop-list-request at redhat.com>
Subject: Fedora-desktop-list Digest, Vol 70, Issue 6
To: fedora-desktop-list at redhat.com
Date: Wednesday, December 9, 2009, 5:00 PM
Send Fedora-desktop-list mailing list submissions to
fedora-desktop-list at redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
or, via email, send a message with subject or body 'help' to
fedora-desktop-list-request at redhat.com
You can reach the person managing the list at
fedora-desktop-list-owner at redhat.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Fedora-desktop-list digest..."
Today's Topics:
1. Logging into GNOME as root (David Zeuthen)
2. Re: F13 sightings (M?ir?n Duffy)
3. Re: Logging into GNOME as root (Nicu Buculei)
4. Re: F13 sightings (Richard Hughes)
5. HAL removal Feature page (Bastien Nocera)
----------------------------------------------------------------------
Message: 1
Date: Tue, 08 Dec 2009 15:42:43 -0500
From: David Zeuthen <davidz at redhat.com>
Subject: Logging into GNOME as root
To: fedora-desktop-list at redhat.com
Message-ID: <1260304963.1877.7.camel at localhost.localdomain>
Content-Type: text/plain; charset="UTF-8"
Hey,
Despite our efforts, I still see a lot (or at least, more than I want)
of bugs where users log into GNOME as root - typically through stuff
like x11vnc or other sysadmin tools that bypasses gdm. Logging into
GNOME as root is not really the best of ideas - I won't go into details
here - I will just take it as a given that everyone agrees about about
this.
Anyway, one interesting side-effect is that polkit (now) says root is
authorized for anything - so we get interesting bugs like all
user-visible filesystems being automounted - normally this wouldn't
happen because of our current policy is to only allow automounting of
non-system-internal (which currently means only usb, firewire- and
sdio-connected devices + optical discs) without interrupting the user to
ask for his root password.
For example, a typical case is that some person installs Fedora on a
machine connected to a SAN and logs into GNOME as root. Now all the,
say, 5,000 partitions visible from the SAN is automounted. This is
typically not what the person logging in expected - in fact, such
behavior may easily cause data-loss as another initiator on the SAN may
have mounted one or more devices already.
Actually, of course, the real bug GVfs fix is to be less cavalier about
automounting - and that fix is already committed to GVfs and submitted
as an GVfs update for F-12 (only ever automount usb, firewire, sdio,
optical discs). Actually, the astute reader may note that this bugfix
will become important for F-13 as we want users created in the default
desktop OS to have more privileges cf. the "Roles and Policy" mail that
I sent to this list in August 2009.
So there's a couple of things here
1. Users will still log into GNOME as root no matter how loudly or
how many times they are told not to do that.
2. I'm pretty sure the GVfs automounting bug is not unique here - there
may be other things not working as expected. We should probably
think about auditing the distro - e.g. we don't want to cause
data loss even if people do things the OS is not designed for.
3. We probably need to do an even better job of discouraging
people logging in as root - I'm thinking we should show
a dialog explaining why this is bad and also show a red
background or something. Or maybe refuse to start gnome-session
altogether.
Currently (rawhide) I don't get any warnings whatsoever if I log
into VT1 as root on a machine in run level 3 and type 'startx'. I
just get a stock GNOME desktop.
Of course we could just say "don't use startx" but that's not how
things work (since we still ship startx) and I don't see that
changing. I don't regard "remove / neuter startx" as a fight worth
fighting either.
Thanks,
David
------------------------------
Message: 2
Date: Tue, 08 Dec 2009 13:22:07 -0500
From: M?ir?n Duffy <duffy at fedoraproject.org>
Subject: Re: F13 sightings
To: Discussions about development for the Fedora desktop
<fedora-desktop-list at redhat.com>
Message-ID: <1260296527.2139.4.camel at localhost.localdomain>
Content-Type: text/plain; charset="UTF-8"
Hi Richard,
On Tue, 2009-12-08 at 09:42 +0000, Richard Hughes wrote:
> Yup, I've not yet been deluged with bugreports, so it's looking pretty
> stable, even with the "first release" label. If you do find a bug,
> there's a mailing list
> http://mail.gnome.org/mailman/listinfo/gnome-color-manager-list which
> might be interesting to you. Bug reports (and patches if possible) are
> most welcome.
I was wondering - are the vendor-provided color profiles packageable? Do
you know what the legalities are around that? Do they have licenses? Are
they considered software?
(I was thinking it would be sweet to install the color profiles via
package kit rather than scour the web for them)
Thanks,
~m
------------------------------
Message: 3
Date: Wed, 09 Dec 2009 09:19:59 +0200
From: Nicu Buculei <nicu_fedora at nicubunu.ro>
Subject: Re: Logging into GNOME as root
To: Discussions about development for the Fedora desktop
<fedora-desktop-list at redhat.com>
Message-ID: <4B1F4F9F.5030309 at nicubunu.ro>
Content-Type: text/plain; charset=UTF-8; format=flowed
On 12/08/2009 10:42 PM, David Zeuthen wrote:
>
> 3. We probably need to do an even better job of discouraging
> people logging in as root - I'm thinking we should show
> a dialog explaining why this is bad and also show a red
> background or something. Or maybe refuse to start gnome-session
> altogether.
I think the key here is warning but without getting too annoying.
Refusing to start gnome-session will most likely make the person use
another DE instead, Xfce or something.
I think doing something like Windows XP is safe mode is OK: display a
warning dialog after login (maybe go the extra mile and provide a
checkbox "I uderstand I am doing, do not show it again") and a text (a
watermark?) over the background with "you are running as root".
> Currently (rawhide) I don't get any warnings whatsoever if I log
> into VT1 as root on a machine in run level 3 and type 'startx'. I
> just get a stock GNOME desktop.
If someone goes to the steps of switching to run level 3 and running
'startx' by hand, you can assume he has a good understanding of what
he's doing and will be able to bypass any blockers.
> Of course we could just say "don't use startx" but that's not how
> things work (since we still ship startx) and I don't see that
> changing. I don't regard "remove / neuter startx" as a fight worth
> fighting either.
I agree, there are still legit uses for startx.
--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com/
------------------------------
Message: 4
Date: Wed, 9 Dec 2009 08:51:33 +0000
From: Richard Hughes <hughsient at gmail.com>
Subject: Re: F13 sightings
To: Discussions about development for the Fedora desktop
<fedora-desktop-list at redhat.com>
Message-ID:
<15e53e180912090051m51e1f9bes54e2c2e1967df6d6 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
2009/12/8 Máirín Duffy <duffy at fedoraproject.org>:
> Hi Richard,
>
> On Tue, 2009-12-08 at 09:42 +0000, Richard Hughes wrote:
>> Yup, I've not yet been deluged with bugreports, so it's looking pretty
>> stable, even with the "first release" label. If you do find a bug,
>> there's a mailing list
>> http://mail.gnome.org/mailman/listinfo/gnome-color-manager-list which
>> might be interesting to you. Bug reports (and patches if possible) are
>> most welcome.
>
> I was wondering - are the vendor-provided color profiles packageable? Do
> you know what the legalities are around that? Do they have licenses? Are
> they considered software?
>
> (I was thinking it would be sweet to install the color profiles via
> package kit rather than scour the web for them)
I'm already there:
http://blogs.gnome.org/hughsie/2009/12/08/shared-color-profiles/
Richard.
------------------------------
Message: 5
Date: Wed, 09 Dec 2009 15:40:52 +0000
From: Bastien Nocera <bnocera at redhat.com>
Subject: HAL removal Feature page
To: fedora-desktop-list at redhat.com
Message-ID: <1260373252.3311.2017.camel at localhost.localdomain>
Content-Type: text/plain; charset="ISO-8859-1"
Heya,
I've created this page to track the removal of HAL (hopefully) for F13:
https://fedoraproject.org/wiki/Features/HalRemoval
Could you please check your package and add them to the list if:
- they rely on HAL or libhal
- they rely on gnome-vfs2 (which still requires HAL, and is deprecated)
- they rely on libgnomeui (which requires gnome-vfs2)
We're only tracking Desktop spin applications, and applications you'd
expect to see installed on GNOME desktops.
Cheers
------------------------------
--
Fedora-desktop-list mailing list
Fedora-desktop-list at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
End of Fedora-desktop-list Digest, Vol 70, Issue 6
**************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-desktop-list/attachments/20091210/5ebf7f0c/attachment.htm>
More information about the Fedora-desktop-list
mailing list