[OT] Re: Running graphical programs as root
Ray Andrews
rayandrews at eastlink.ca
Sat May 12 16:28:18 CEST 2012
On 11/05/12 09:10 AM, Darac Marjal wrote:
Darac, Kevin,
> This is certainly possible and is what frameworks such as AppArmour
> (or is it AppArmor?) and SELinux seek to achieve. You define such
> "approved behaviours" and then any aberrant behaviour is blocked.
> However, this can get in the way of your PC being a "general purpose"
> tool. Say, for example, you allow Kate to only modify files under
> /home. Everything works fine for ages, until that day that you want to
> use it to quickly edit your fstab. Whoops, you're blocked. However,
> remember that as root, you can do ANYTHING. This probably includes
> turning OFF such protection. And if the framework provides no such
> functionality, root could always, say, install a kernel without the
> framework installed and then cause a reboot.
Very interesting! So I'm not the first to wonder about better
protections. I will look at these things. At the least I'll instruct it
that VLC is only permitted to play music ;-)
Many thanks.
More information about the Xfce
mailing list