[OT] Re: Running graphical programs as root

Christian Dywan christian at twotoasts.de
Fri May 11 18:19:22 CEST 2012 

On 11.05.2012 17:45, Ray Andrews wrote:
>
> On 09/05/12 10:57 AM, houghi wrote:
>>
>> If root types ' rm -r / ' well ... he typed it, too bad.  OTOH if I'm
>> playing an .mp3 as root and there's some devilish exploit in there,
>> might there not be some way of monitoring for that?
>> No. Because it has no idea if it is some exploit or if it is expected
>> behaviour. Perhaps my idea of fun is listening to Wagner while I
>> delete a
>> hard drive.
Lovely explanation!
> But that misses the point.  If *I* delete a hard drive via my own KB
> while listening to Wagner -- hey, 'Twilight of the Gods' would be the
> thing to listen to, wouldn't it ;-) -- then that's fine.  But is it
> reasonable to expect that VLC would delete a hard drive? Ever? Even
> when I'm listening to AC/DC? What I'm reaching for is some sort of
> 'guardian' program that would keep an eye on a few user choosable rules:
>
> -VLC: never allowed to delete HDDs.
> -Kate: only allowed to modify currently loaded file.
> -Internet Chess: chess moves only, no loading of hacked kernels.
> - ...
>
> It seems to me that even when running as root, there might still be
> some sort of monitoring going on that might check for obvious mischief.
Even root is not literally omnipotent despite common assumptions. Not on
a modern Linux anyway.

sudo chattr +i /etc/lsb-release
sudo rm /etc/lsb-release
rm: cannot remove `/etc/lsb-release': Operation not permitted


Having said that, AppArmor [1] is probably what you're after, if you
want that sort permission management.

And even then, I will not accept "sudo mplayer" as a valid use case.
I've seen plenty of unnecessary such setups. Applications are not
designed with superuser privileges in mind.

ciao,
    Christian

[1] https://en.wikipedia.org/wiki/AppArmor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://mail.xfce.org/pipermail/xfce/attachments/20120511/77ba6a3d/attachment.pgp>

More information about the Xfce mailing list