Dropping kdesudo

Pali Rohár pali.rohar at gmail.com
Thu Sep 7 13:56:58 UTC 2017 

On Thursday 07 September 2017 15:21:47 Aleix Pol wrote:
> On Thu, Sep 7, 2017 at 12:45 PM, Pali Rohár <pali.rohar at gmail.com> wrote:
> > On Thursday 07 September 2017 12:35:19 Aleix Pol wrote:
> >> On Thu, Sep 7, 2017 at 3:19 AM, Dale Trombley <buzzmandt at gmail.com> wrote:
> >> > I'm one of those that always assumed anything graphic needed kdesudo (as
> >> > opposed to gksudo). Am I wrong in that assumption?
> >>
> >> Yes, no graphical software should be ever run as root. It's a major
> >> security problem as it exposes the problems with X11 to root
> >> privileges.
> >> If you find an application that requires it, feel free to report it as a bug.
> >
> > Any partition manager application (including the most powerful gnome's
> > gparted or kde's partitionmanager) needs root for obvious reasons as
> > access to hardware would always needs root.
> >
> > And it is not a bug, but correct behavior as normal user does not have
> > access to hardware and raw disks.
> 
> They need it to query and to perform the tasks but not to display the
> information or have the user interact with it.

I provided patches to both projects (partitionmanager and gparted) and
they have structured code into disk actions and GUI, but everything is
in one executable. I know this code. Actions with works with disks must
always run under root and GUI can be under normal user. But in such case
GUI and disk parts needs to be in separate processes and for such thing
are those project not only prepared but their architecture does not
support it.

> That's why PolicyKit (and a bunch of other technology) was created in
> the first place.

Which is absolutely useless for those two projects. It is nice that
somebody created such technology, but I doubt he consulted it with
*existing* and widely used applications (like those two) if it would be
useful for them.

As I said those two projects would not run under non-root user, their
current architecture does not allow it and rewriting it would make a lot
of work for which those projects do not have people nor motivation.

-- 
Pali Rohár
pali.rohar at gmail.com

More information about the kubuntu-devel mailing list