-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run only necessary helpers as root #589
Comments
Yes, asking to run HardInfo as root is just a crutch until a better way comes along; it's not only because of the GUI libraries that are huge, but also because the code in HardInfo doesn't do a whole lot of validation and is very likely to be easily exploitable. I'm adding this issue as a blocker to the next version. My preferred method would be invoking |
To fix this, we need to comb the code, looking for all commands that need to be executed as root, and come up with a plan. I don't want to make the root-only thing be able to execute anything, just some fixed command set. Maybe we can come up with a macro that helps us? For instance, instead of calling |
@lpereira thanks for feedback. I'm not very much of developer, but still think that privileged part is better to be separated. Some detailed thoughts.
|
Accidentally filed a duplicate, so adding my notes here. Running GUIs as root is also disabled by default with Xorg on some systems, and is entirely unsupported on Wayland. |
Running GUI applications as root is generally bad idea
(I cannot say about this better than https://bugzilla.gnome.org//show_bug.cgi?id=772875#c5) but hardinfo currently encourages it to show some low-level details (like ones that come from
dmidecode
output).Better way: request permission to run only necessary helpers as root using policykit or at least sudo (though former should be present on any modern desktop). I've only peeked into
dmiutil.c
and it seems that laziest way would be to runpkexec dmidecode ...
so polkit will take care about asking password and running requested program as root, maybe more optimal solutions exist too.Obvious caveats: users will hate to enter password multiple times on different tabs or when generating report. Output from helpers can be cached once to workaround this. Some software avoid similar issues by running separate escalated binary which communicates with main GUI program, too.
The text was updated successfully, but these errors were encountered: