Home_greyopenFATE - openSUSE feature tracking > #310058
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

SUDO with sandbox -X integration

Feature state

openSUSE-11.3
Rejected Information
openSUSE-11.4
Unconfirmed

Description

Fedora team have developed sandbox -X, a tool allowing to run programs from desktop in sandbox, but still connected to X server. We should integrate this with Sandbox -X to avoid security holes by running some application as another user by sudo.

User benefit:

People are often using graphical tools as root on unprivileged user. PolicyKit is still not satisfied.

Usecase

sudo /sbin/yast2

Discussion


icons/user_comment.png J. E. wrote: (4 years ago)

What exactly are you trying to protect against when su-ing to root anyway?

icons/user_comment.png S. L. wrote: (4 years ago)

Sudo doesn't remember X Cookie in default configuration. That was changed in OpenSUSE, but it's insecure. Using Sandbox -X we ensure no connection with current X session is possible and we can working with graphical tool.

I don't believe this is necessary, while running application as root. Some times root or other user will change effective userid to example peter UID.

Last change: 3 years ago
Voting
Score: -1
  • Negative: 2
  • Neutral: 0
  • Positive: 1
Tags

No tags yet.

Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint