> OK, so what are the risks under Wayland?
>
...
>
> Since the security is improved under Wayland, are non-elevated applications
> still able to eavesdrop or falsify input/output of elevated applications?
> The opposite direction is not that important, I think, because if you run
> something as ro
On 11/19/2015 08:31 AM, Reindl Harald wrote:
Am 19.11.2015 um 13:57 schrieb Simon Farnsworth:
Put another way: "sudo emacs /etc/hosts" will break under Wayland
than wayland is currently not useable and ready to replace X11
as user i don't care if the application needs to be fixed or wayland
On 19 November 2015 at 15:31, Adam Jackson wrote:
> On Wed, 2015-11-18 at 21:45 +, Ian Malone wrote:
>
>> Not really getting this. For any configuration task where you replace
>> editing a root owned text file with access through some authorised
>> gui, that gui is still vulnerable.
>
> That g
On Wed, 2015-11-18 at 21:45 +, Ian Malone wrote:
> Not really getting this. For any configuration task where you replace
> editing a root owned text file with access through some authorised
> gui, that gui is still vulnerable.
That gui's code, unlike emacs, doesn't allow you to write arbitrar
On Thursday 19 Nov 2015 13:56:32 Andrew Haley wrote:
> On 11/19/2015 01:03 PM, Simon Farnsworth wrote:
> > "sudo -e /etc/hosts", will ... still work
>
> Hold on, I think I may not be understanding something. If "sudo -e
> /etc/hosts" will still work, why won't "sudo emacs /etc/hosts" ?
>
> Andr
On 11/19/2015 01:03 PM, Simon Farnsworth wrote:
> "sudo -e /etc/hosts", will ... still work
Hold on, I think I may not be understanding something. If "sudo -e /etc/hosts"
will still work, why won't "sudo emacs /etc/hosts" ?
Andrew.
--
devel mailing list
devel@lists.fedoraproject.org
https://
Am 19.11.2015 um 13:57 schrieb Simon Farnsworth:
Put another way: "sudo emacs /etc/hosts" will break under Wayland
than wayland is currently not useable and ready to replace X11
as user i don't care if the application needs to be fixed or wayland
lacks whatever but given that there are a ba
On 11/19/2015 12:57 PM, Simon Farnsworth wrote:
> On Thursday 19 Nov 2015 12:48:50 Andrew Haley wrote:
>> On 11/18/2015 06:49 PM, Adam Jackson wrote:
>
>>> Phrased another way: no, it's not *your computer* we're talking about
>>> here. The computer in question rightfully belongs to someone else;
On Thursday 19 Nov 2015 12:48:50 Andrew Haley wrote:
> On 11/18/2015 06:49 PM, Adam Jackson wrote:
> > Phrased another way: no, it's not *your computer* we're talking about
> > here. The computer in question rightfully belongs to someone else; we
> > are here discussing how to be responsible for
On 19 November 2015 at 03:18, Matthew Miller wrote:
> On Wed, Nov 18, 2015 at 03:09:34PM -0500, Adam Jackson wrote:
>> To the bug in question: probably we should make it so 'sudo gedit' does
>> work, but I'd still strongly discourage anyone from actually doing so.
>
> Actually, there's a better wa
On 11/18/2015 06:49 PM, Adam Jackson wrote:
> On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote:
>> On 11/02/2015 03:05 PM, Adam Jackson wrote:
>>> But, why take the risk exposure, when you could simply not?
>>
>> How else would I edit root-owned files? I don't get it. I mean,
>> I guess I co
On Wed, Nov 18, 2015 at 03:09:34PM -0500, Adam Jackson wrote:
> To the bug in question: probably we should make it so 'sudo gedit' does
> work, but I'd still strongly discourage anyone from actually doing so.
Actually, there's a better way. The authors of sudo already considered
this. Set "VISUAL"
Am 19.11.2015 um 01:00 schrieb Reindl Harald:
Am 19.11.2015 um 00:57 schrieb Ian Malone:
On 18 November 2015 at 23:38, Reindl Harald
wrote:
Am 18.11.2015 um 19:49 schrieb Adam Jackson:
That's kind of a non sequitur. To a first order, there are zero root-
owned files you need to edit routin
Am 19.11.2015 um 00:57 schrieb Ian Malone:
On 18 November 2015 at 23:38, Reindl Harald wrote:
Am 18.11.2015 um 19:49 schrieb Adam Jackson:
On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote:
On 11/02/2015 03:05 PM, Adam Jackson wrote:
But, why take the risk exposure, when you could
On 18 November 2015 at 23:38, Reindl Harald wrote:
>
>
> Am 18.11.2015 um 19:49 schrieb Adam Jackson:
>>
>> On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote:
>>>
>>> On 11/02/2015 03:05 PM, Adam Jackson wrote:
But, why take the risk exposure, when you could simply not?
>>>
>>>
>>> H
Am 18.11.2015 um 21:09 schrieb Adam Jackson:
On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
I don't understand. If a user who has the right to act as root asks
to authorize a program to run as root on their behalf, we should grant
that request. And, once we grant it, we shouldn
Am 18.11.2015 um 19:49 schrieb Adam Jackson:
On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote:
On 11/02/2015 03:05 PM, Adam Jackson wrote:
But, why take the risk exposure, when you could simply not?
How else would I edit root-owned files? I don't get it. I mean,
I guess I could run a
On 18 November 2015 at 20:24, Adam Williamson
wrote:
> On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote:
>> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
>>
>> > I don't understand. If a user who has the right to act as root asks
>> > to authorize a program to run as root on th
On 18 November 2015 at 20:09, Adam Jackson wrote:
> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
>
>> I don't understand. If a user who has the right to act as root asks
>> to authorize a program to run as root on their behalf, we should grant
>> that request. And, once we grant i
2015-11-18 21:24 GMT+01:00 Adam Williamson :
> On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote:
>> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
>>
>> > I don't understand. If a user who has the right to act as root asks
>> > to authorize a program to run as root on their behal
On Wed, Nov 18, 2015 at 12:24 PM, Adam Williamson
wrote:
> On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote:
>> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
>>
>> > I don't understand. If a user who has the right to act as root asks
>> > to authorize a program to run as root o
On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote:
> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
>
> > I don't understand. If a user who has the right to act as root asks
> > to authorize a program to run as root on their behalf, we should grant
> > that request. And, once we
On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
> I don't understand. If a user who has the right to act as root asks
> to authorize a program to run as root on their behalf, we should grant
> that request. And, once we grant it, we shouldn't be
> passive-aggressive and say "sure you
On Wed, Nov 18, 2015 at 10:49 AM, Adam Jackson wrote:
> On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote:
>> On 11/02/2015 03:05 PM, Adam Jackson wrote:
>> > But, why take the risk exposure, when you could simply not?
>>
>> How else would I edit root-owned files? I don't get it. I mean,
>>
On Tue, 2015-11-17 at 17:30 +, Andrew Haley wrote:
> On 11/02/2015 03:05 PM, Adam Jackson wrote:
> > But, why take the risk exposure, when you could simply not?
>
> How else would I edit root-owned files? I don't get it. I mean,
> I guess I could run an editor in a text window, but I don't w
> Hi,
>
> > It's certainly the case that *gnome* might do something ridiculous if
> > you 'sudo gedit' something, but 'sudo emacs' really ought to be
> > equally acceptable regardless of whether you're using the terminal or
> > X frontend.
> emacs is probably okay, just by virtue of the fact that
On 11/17/2015 06:25 PM, Tom Hughes wrote:
> On 17/11/15 18:11, Andrew Haley wrote:
>> On 11/17/2015 05:55 PM, Joonas Sarajärvi wrote:
>>> My impression is that by default in fedora, virt-manager runs as
>>> non-root. I guess it might ask for the root password in order to
>>> manage the libvirtd tha
On 17/11/15 18:11, Andrew Haley wrote:
On 11/17/2015 05:55 PM, Joonas Sarajärvi wrote:
My impression is that by default in fedora, virt-manager runs as
non-root. I guess it might ask for the root password in order to
manage the libvirtd that runs as privileged mode, but even in that
case the use
2015-11-17 20:07 GMT+02:00 Reindl Harald :
> depends on what the application is supposed to do and if you want a global
> setup instead only in the userhome for every user
>
> installing in your userhome has another disadvantage: you are running all
> day long a application writeable by your user a
On 11/17/2015 05:55 PM, Joonas Sarajärvi wrote:
> My impression is that by default in fedora, virt-manager runs as
> non-root. I guess it might ask for the root password in order to
> manage the libvirtd that runs as privileged mode, but even in that
> case the user interface would run as your norm
Am 17.11.2015 um 19:04 schrieb Joonas Sarajärvi:
2015-11-17 19:56 GMT+02:00 Florian Weimer :
Doesn't most proprietary software come with GUI installers?
No idea if "most" are, but at least I have seen many proprietary
programs that do not require a GUI in installation.
Also in many cases wh
2015-11-17 19:56 GMT+02:00 Florian Weimer :
> Doesn't most proprietary software come with GUI installers?
No idea if "most" are, but at least I have seen many proprietary
programs that do not require a GUI in installation.
Also in many cases where there is a GUI installer, it works just fine
as a
Am 17.11.2015 um 18:56 schrieb Florian Weimer:
On 10/30/2015 10:48 PM, Adam Jackson wrote:
Anyone running any X (or wayland) application as root in their desktop
session is completely bonkers and deserves every consequence of their
poor decision.
Doesn't most proprietary software come with GU
Hi,
2015-11-17 19:30 GMT+02:00 Andrew Haley :
> And I have no idea how to run things like virt-manager without root.
My impression is that by default in fedora, virt-manager runs as
non-root. I guess it might ask for the root password in order to
manage the libvirtd that runs as privileged mode,
On 10/30/2015 10:48 PM, Adam Jackson wrote:
> Anyone running any X (or wayland) application as root in their desktop
> session is completely bonkers and deserves every consequence of their
> poor decision.
Doesn't most proprietary software come with GUI installers?
Florian
--
devel mailing list
On 11/02/2015 03:05 PM, Adam Jackson wrote:
> But, why take the risk exposure, when you could simply not?
How else would I edit root-owned files? I don't get it. I mean,
I guess I could run an editor in a text window, but I don't want to
do that.
And I have no idea how to run things like virt-m
On Nov 2, 2015 7:05 AM, "Adam Jackson" wrote:
>
> On Fri, 2015-10-30 at 14:58 -0700, Andrew Lutomirski wrote:
> > On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson wrote:
> > >
> > > Anyone running any X (or wayland) application as root in their desktop
> > > session is completely bonkers and deserve
On Fri, 2015-10-30 at 14:58 -0700, Andrew Lutomirski wrote:
> On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson wrote:
> >
> > Anyone running any X (or wayland) application as root in their desktop
> > session is completely bonkers and deserves every consequence of their
> > poor decision.
>
> OK, I
Hi,
> It's certainly the case that *gnome* might do something ridiculous if
> you 'sudo gedit' something, but 'sudo emacs' really ought to be
> equally acceptable regardless of whether you're using the terminal or
> X frontend.
emacs is probably okay, just by virtue of the fact that if the admin g
On Fri, Oct 30, 2015 at 2:48 PM, Adam Jackson wrote:
> On Fri, 2015-10-30 at 11:41 -0400, John Dulaney wrote:
>
>> As Halfline points out, the decision needs to be made whether to allow
>> gui applications to be run as root. I figured I'd bring this up for
>> discussion in the hopes that a decisi
On Fri, 2015-10-30 at 11:41 -0400, John Dulaney wrote:
> As Halfline points out, the decision needs to be made whether to allow
> gui applications to be run as root. I figured I'd bring this up for
> discussion in the hopes that a decision may be made whether or not to
> allow this.
Anyone runni
- Original Message -
> Recently, I filed a bug (1274451) about running virt-manager on Wayland.
> As it turns out that this is applicable to running gui applications as
> root on Wayland in general, the scope was changed (see Cole's comments).
>
> As Halfline points out, the decision nee
42 matches
Mail list logo
