12-08-2009, 07:42 PM
David Zeuthen
Logging into GNOME as root

Hey,

Despite our efforts, I still see a lot (or at least, more than I want)
of bugs where users log into GNOME as root - typically through stuff
like x11vnc or other sysadmin tools that bypass gdm. Logging into
GNOME as root is not really the best of ideas - I won't go into details
here - I will just take it as a given that everyone agrees about
this.

Anyway, one interesting side-effect is that polkit (now) says root is
authorized for anything - so we get interesting bugs like all
user-visible filesystems being automounted - normally this wouldn't
happen because our current policy is to only allow automounting of
non-system-internal (which currently means only usb-, firewire- and
sdio-connected devices + optical discs) without interrupting the user to
ask for his root password.

For example, a typical case is that some person installs Fedora on a
machine connected to a SAN and logs into GNOME as root. Now all the,
say, 5,000 partitions visible from the SAN are automounted. This is
typically not what the person logging in expected - in fact, such
behavior may easily cause data-loss as another initiator on the SAN may
have mounted one or more devices already.

Actually, of course, the real GVfs bug fix is to be less cavalier about
automounting - and that fix is already committed to GVfs and submitted
as a GVfs update for F-12 (only ever automount usb, firewire, sdio,
optical discs). Actually, the astute reader may note that this bugfix
will become important for F-13 as we want users created in the default
desktop OS to have more privileges cf. the "Roles and Policy" mail that
I sent to this list in August 2009.

So there's a couple of things here

1. Users will still log into GNOME as root no matter how loudly or
how many times they are told not to do that.

2. I'm pretty sure the GVfs automounting bug is not unique here - there
may be other things not working as expected. We should probably
think about auditing the distro - e.g. we don't want to cause
data loss even if people do things the OS is not designed for.

3. We probably need to do an even better job of discouraging
people logging in as root - I'm thinking we should show
a dialog explaining why this is bad and also show a red
background or something. Or maybe refuse to start gnome-session
altogether.

Currently (rawhide) I don't get any warnings whatsoever if I log
into VT1 as root on a machine in run level 3 and type 'startx'. I
just get a stock GNOME desktop.

Of course we could just say "don't use startx" but that's not how
things work (since we still ship startx) and I don't see that
changing. I don't regard "remove / neuter startx" as a fight worth
fighting either.

Thanks,
David


--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
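
A simplified model of the automount behaviour described in the message above, added here as an illustration; it is not GVfs or polkit code. The function names, the device labels and the `sata` / `fibre-channel` connection strings are hypothetical, and the sample device list is constructed.

```python
from dataclasses import dataclass

# Connection types the post lists as the only ones that are ever automounted.
AUTOMOUNT_CONNECTIONS = frozenset({"usb", "firewire", "sdio", "optical"})


@dataclass(frozen=True)
class Device:
    name: str        # constructed label, not a real device path
    connection: str  # how the device is attached (hypothetical strings)


def authorized_without_prompt(uid, dev):
    """Simplified stand-in for the authorization answer described in the post."""
    if uid == 0:
        return True  # root is authorized for anything
    # Other users: only non-system-internal devices pass without a password prompt.
    return dev.connection in AUTOMOUNT_CONNECTIONS


def automount_by_authorization(uid, devices):
    """Before the fix: the authorization answer alone decides what gets mounted."""
    return [d.name for d in devices if authorized_without_prompt(uid, d)]


def automount_by_connection(uid, devices):
    """After the fix: the connection type is checked first, whoever is logged in."""
    return [d.name for d in devices
            if d.connection in AUTOMOUNT_CONNECTIONS
            and authorized_without_prompt(uid, d)]


# Constructed sample: two removable devices, one internal disk, two SAN LUNs.
SAMPLE = [
    Device("usb-stick", "usb"),
    Device("dvd", "optical"),
    Device("internal-disk", "sata"),
    Device("san-lun-0", "fibre-channel"),
    Device("san-lun-1", "fibre-channel"),
]

if __name__ == "__main__":
    for uid in (1000, 0):
        print(uid, "before fix:", automount_by_authorization(uid, SAMPLE))
        print(uid, "after fix: ", automount_by_connection(uid, SAMPLE))
```

For an ordinary user both gates give the same result; only the root session differs, which is why the problem shows up in bug reports from root logins.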
 
12-09-2009, 06:19 AM
Nicu Buculei
Logging into GNOME as root

On 12/08/2009 10:42 PM, David Zeuthen wrote:


> 3. We probably need to do an even better job of discouraging
> people logging in as root - I'm thinking we should show
> a dialog explaining why this is bad and also show a red
> background or something. Or maybe refuse to start gnome-session
> altogether.


I think the key here is warning but without getting too annoying.
Refusing to start gnome-session will most likely make the person use
another DE instead, Xfce or something.


I think doing something like Windows XP in safe mode is OK: display a
warning dialog after login (maybe go the extra mile and provide a
checkbox "I understand what I am doing, do not show it again") and a text (a
watermark?) over the background with "you are running as root".



> Currently (rawhide) I don't get any warnings whatsoever if I log
> into VT1 as root on a machine in run level 3 and type 'startx'. I
> just get a stock GNOME desktop.


If someone goes to the steps of switching to run level 3 and running
'startx' by hand, you can assume he has a good understanding of what
he's doing and will be able to bypass any blockers.



> Of course we could just say "don't use startx" but that's not how
> things work (since we still ship startx) and I don't see that
> changing. I don't regard "remove / neuter startx" as a fight worth
> fighting either.


I agree, there are still legit uses for startx.

--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com/
