Lock screen does not work for root in gnome
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Wed Oct 20 22:26:49 UTC 2004
On Wed, Oct 20, 2004 at 05:23:47PM -0400, Alan Cox wrote:
> On Mon, Oct 18, 2004 at 01:04:53AM +0100, Luciano Miguel Ferreira Rocha wrote:
> > > You'd rather it did what KDE does and not drop privs at all, running
> > > arbitrary eye-candy sub-processes as root?
> >
> > They can't be trusted to run as root? Can they be trusted to be run as
> > any user at all?
>
> KDE doesn't support setuid usage, nor does gtk+. Its a sensible policy anyway.
We're not talking about setuid usage. Nobody claims for xscreensaver to
be set suid.
xscreensaver is a normal application that should cause no problems for a
user running it. If it fails that goal for root, or 'may fail', then it
shouldn't be run as a normal user either.
xscreensaver decision to setuid(nobody) when euid == 0 and then require
a xhost + is just broken. I fail to see a situation where to run cute
(tastes may vary) graphical animations as root would be a no-no,
but to run with X unprotected a possibility.
That it's not a good policy, sure. But it's not up to the developer to
enforce the policy it feels best.
IMO, of course.
Regards,
Luciano Rocha
More information about the fedora-devel-list
mailing list