GNOME.org
 

Re: [Gimp-user] The GIMP opens in superuser mode

* Steve Kinney <admin pilobilus net> [04-06-18 03:15]:



On 04/06/2018 12:05 AM, Liam R E Quin wrote:

On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:


On 04/05/2018 09:41 PM, Liam R E Quin wrote:

On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:


It /should/ be impossible for a program opened by a 'regular'
user to
run in superuser mode, unless the regular user enters the root
password.


It can happen if the program's binary is owned by the root user and
is
mode u+s (set-userid).

Liam (ankh)


Yikes.

One "should" not allow this either, without a very good reason...


On most user applications, no, although
ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l
gives 36 results here (many setgid rather than setuid, and not all
owned by root, but e.g. su, sudo, umount, all have to be root-owned and
suid.).

It's possible to disable set-userid file modes from being respected
using a mount option, but using that on the system partitions would
break yuor system.


Ah so.  My comprehension of Linux internals is only rudimentary, but
once pointed out it's obvious that su, sudo and umount would be owned by
root - only root can do the things they enable a user with the root
password to do.

A graphics editor or a wrapper for portable applications?  Not so much.  :D


not knowing flatpack, the package was probably installed using root
account and took the installer account perms and file locations.  if
installed into root's home, would indeed have root perms, even as
illogical as that would be.

-- 
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Registered Linux User #207535                    @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo               paka @ IRCnet freenode
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]