GKSU apps launch root apps from About dialog

 importance whishlist

You can't really avoid that, it could work with sudo (and I am not even
sure), but I doubt it could with su. Anyway, no apps should be launched
as root. Everything in policykit quickly, please !

Yet, it could be investigated, even if I think there aren't a lot of
chances.

Le mardi 29 mai 2012 à 16:41 +0000, Daniel Fore a écrit :
> Public bug reported:
>
> When an app runs as GKSU, the About dialog launches a root owned web
> browser. If possible, we shouldn't do this.
>
> ** Affects: granite
> Importance: Undecided
> Status: New
>

Dropping privileges is nasty indeed.

to which group and user should the permissions be dropped to?

To the user with UID from SUDO_UID environment variable in case of gksudo and PKEXEC_UID environment variable in case of pkexec (which is a more modern way of doing basically the same thing; it uses policykit as a backend).

Using su is not allowed to mere users on Ubuntu, and "sudo su" provides SUDO_UID variable.

Also, I don't know why I used to be against dropping privileges. This actually sounds sane now. I have a much hackier (though working) code in Glimpse for that; gotta fix it with these new findings.

Marking this as invalid for Granite. Now that we launch root apps using Polkit and/or the About dialog is launched from quicklist I can't seem to reproduce this issue.