On Thu, 2006-03-30 at 11:09 -0500, Matthew Miller wrote: > On Wed, Mar 29, 2006 at 08:10:40PM -0500, David Zeuthen wrote: > > > Sounds good, although I wonder if it might be nicer to implement this in a > > > way similar to that described here: <http://blog.fubar.dk/?p=66>. > > Yea, that's what I was rambling about in my other mail. > > Are you interested in the run-as-user functionality for consolehelper I > suggested in your blog comments? I'd hate to see yet another duplication of > the how-to-let-regular-users-auth-for-higher-privs wheel. > > It seems like consolehelper has pretty much everything that's required for > that part of the process, except as it stands, it only can execute things as > root rather than running programs as your suggested unprivileged "system > user". No, my view is that consolehelper is fundamentally flawed. Now that we have something like D-BUS there is absolutely no reason, apart from laziness, that you ever want run X11 programs as root or another user. Think for a minute about just how much code runs with root. Not to mention desktop integration issues [1]. Yet, I note that even more programs in FC5 use consolehelper. I do realize it's the best Fedora got so far (and that this message comes across as harsh, sorry) but that doesn't mean we shouldn't replace it with something more secure along the way. I think that we, as the Fedora project, should have a goal of completely removing consolehelper from the distribution some day. It's a lot of work but the first step is having a consensus that we can do better. Actually I posted about what I think needs to be done in Fedora to do this right here http://lists.freedesktop.org/archives/hal/2006-March/004797.html though I didn't put in too much time thinking about it. Consider it at least inspiration. Btw, a lot of people (with or without an @redhat.com email address, not that it matters) might not agree with me here. Make up your own mind about this. David [1] : Try running System->Administration->System Log Viewer; open a log file and look at the file chooser. Not to mention gconf issues.
