Re: Potato "testing"
On Thu, 20 Jan 2000, Kenneth Scharf wrote:
>
> > You're not supposed to log in to xdm as root.
> > Running all your X utilities
> > as root is asking for trouble - it's running a lot
> > of programs which
> > aren't traditionally security audited with
> > privileged access.
> >
> > Log in as your self, su, and then run
> >
> > HOME=/home/ken /path/to/apt-gnome
> >
> > or similar. (Similarly for any root-requiring X
> > program).
> Only 'problem' is that apt-gnome appears in a
> drop-down menu which is useless unless you are logged
> in as root. This makes apt-gnome a catch-22, it MUST
> be run as root, but it CAN'T be run as root. (from the
> drop down menus anyway.) Same for ANY system wide
> configuration utility run under X. How does redhat,
> caldera, and corel deal with this?
Yes, you're right.
I don't know how the other dists deal with it. The 'correct' solution is
actually that no X program should run as root. Instead, it should have
some way of temporarily gaining exactly the privileges it needs.
That's pie-in-the-sky, though. We don't have it.
It is probably possible to cobble together a solution using sudo or a
similar tool...
Jules
/----------------+-------------------------------+---------------------\
| Jelibean aka | jules@jellybean.co.uk | 6 Evelyn Rd |
| Jules aka | jules@debian.org | Richmond, Surrey |
| Julian Bean | jmlb2@hermes.cam.ac.uk | TW9 2TF *UK* |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left. |
| When privacy is outlawed... only the outlaws have privacy. |
\----------------------------------------------------------------------/
Reply to: