Re: On running gui applications as root

> Hi,
> 
> > It's certainly the case that *gnome* might do something ridiculous if
> > you 'sudo gedit' something, but 'sudo emacs' really ought to be
> > equally acceptable regardless of whether you're using the terminal or
> > X frontend.
> emacs is probably okay, just by virtue of the fact that if the admin gives
> the user the right to run emacs as root, they almost definitely trust the
> user with general root access.
> 
> In that same light, it's probably fine if the user running sudo has full
> access to sudo anyway, but it's considerably riskier if it's a restricted
> sudo configuration or say consolehelper (or worse a setuid application!).
> The problem is that X is a big API and it's designed with the notion that
> everyone who has access to the display is pretty much at the same
> trust level. It's possible to prod and poke at one client from other clients
> in pretty arbitrary ways.

OK, so what are the risks under Wayland?

Today I've found out that I'm unable to merge my rpm config files under Wayland. I've been using this for years:

$ sudo rpmconf -a -f meld

Currently, meld doesn't start this way. I don't know of any good merging tool for the CLI. I spent 15 minutes trying to merge my config files with vimdiff, I started hating it with a passion, and I ended up with broken configs. What solution are we going to offer people who can't do everything in the console and need GUI tools to perform certain administrative tasks (I'm not really sure how polkit fits in this scenario)? Honestly, I'd rather run a nested X server to be able to use meld than to use vimdiff again, and I guess I wouldn't be the only one.

Since the security is improved under Wayland, are non-elevated applications still able to eavesdrop or falsify input/output of elevated applications? The opposite direction is not that important, I think, because if you run something as root (regardless of CLI or GUI), you explicitly trust it to do almost anything to your system. If you decide to trust gedit or meld, I don't see the difference from trusting vim or emacs. Unless there's something in Wayland that is similar to vulnerabilities in X11?

Thanks for the explanation.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct



