Re: GNOME and superuser (privilege raising) integration



On Tuesday 13 May 2003 21:23, Philip Van Hoof wrote:
> Hongli Lai wrote:
> Hi there, let me first introduce myself: I have been the author of GNOME
> xsu which has new renamed to GNOME SuperUser and is now being maintained
> by Mark Finlay (I think Mark is on this list to).
> <http://xsu.sourceforge.net/>
>
> Most issues with the wrapping of the "su" application and integrating
> such applications with GNOME are
>
> 1) Security issues.

This is the same excuse that people have been coming up with for years (since 
1999, or maybe earlier). -_-
If things keep up like this, nothing will ever get done.
Will a security expert step forward and implement it please?


> The best way is to use a SUID-root non-Gtk+
> application in stead of passing the password to "su" using a
> terminal-widget. However, some people dislike the idea of having
> _another_ SUID-root application and like the idea of using the standard
> "su" -or "sudo" command for this purpose. (Problem: su and sudo require
> a terminal for typing in the password -you cannot use a pipe for this-).
> Faking a terminal-widget might introduce security-issues.

How is it less secure than opening gnome-terminal, typing 'su' and typing in 
your password manually using the keyboard?


> 2) The fact that not every Operating System that can host GNOME/Gtk+
> applications really needs a superuser utility (Gtk+ and GNOME also work
> on -older versions of- Windows) nor/or has such a utility. Adding the
> library to GNOME would add a impossible dependancy for some Operating
> Systems -and environments.

I thought GNOME is supposed to be a Unix desktop and that the Windows port was 
only for fun?


> However, I _do_ like your idea and I _do_ think that it should be
> integrated with GNOME. Why? Because that way applications (like
> nautilus) and distrubutions (like RedHat) can then start using it in
> stead of inventing their own SuperUser-protocol. I also think that this
> library should not be GNOME-only; in stead should be available for "all"
> applications (so also KDE -and Console applications)... (PAM ?) and easy
> for developers to start using it. Maybe the people at freedesktop.org
> should agree on such a protocol? Talking to them might be a good idea (I
> have not checked but it is possible that they are already working on
> this issue).

I've thought about that. But in the end I decided to make it depend on GNOME 
because
1) KDE already has kdesu anyway
2) The API is quite high-level. It's fully integrated with the GUI code.
3) I can't find a better way to communicate with su other than using a 
terminal widget. openpty() works for my su (RedHat 7.2) but not for SuSE's su 
for some reason. This makes it depend on libvte.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]