On Wed, Oct 20, 2004 at 05:23:47PM -0400, Alan Cox wrote:
> On Mon, Oct 18, 2004 at 01:04:53AM +0100, Luciano Miguel Ferreira Rocha wrote:
> > > You'd rather it did what KDE does and not drop privs at all, running
> > > arbitrary eye-candy sub-processes as root?
> >
> > They can't be trusted to run as root? Can they be trusted to be run as
> > any user at all?
>
> KDE doesn't support setuid usage, nor does gtk+. It's a sensible policy anyway.

We're not talking about setuid usage. Nobody claims for xscreensaver to be set suid.

xscreensaver is a normal application that should cause no problems for a user running it. If it fails that goal for root, or 'may fail', then it shouldn't be run as a normal user either.

xscreensaver's decision to setuid(nobody) when euid == 0 and then require an xhost + is just broken. I fail to see a situation where to run cute (tastes may vary) graphical animations as root would be a no-no, but to run with X unprotected a possibility.

That it's not a good policy, sure. But it's not up to the developer to enforce the policy it feels best.

IMO, of course.

Regards,
Luciano Rocha