[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gtk-app-devel
Subject:    Re: No protocol specified error
From:       Emmanuele Bassi <ebassi () gmail ! com>
Date:       2017-11-04 12:38:09
Message-ID: CALnHYQGbohC3wpLQ=8Eu=s-xSf6mQD7TesszXkXNhKCrEUx6sA () mail ! gmail ! com
[Download RAW message or body]

On 4 November 2017 at 06:08, Lokesh Chakka
<lvenkatakumarchakka@gmail.com> wrote:
> Dear Felipe,
>
> I have refereed the link. As the application I am writing needs root
> privileges, I must use sudo ./a.out. No other option.

Of *course* there are other options for you: this is software
development, not surgery.

The appropriate course of action, as Felipe outlined, is:

 - split the business logic that requires administrator privileges of
your application from the GUI bits
 - move that business into a daemon listening on the system bus and
exposing a DBus interface
 - use polkit to deal with the privilege escalation, and write a small
policy file
 - have the GUI call into the DBus interface on the system bus

Alternatively:

 - do not write a GUI application
 - require running under X instead of Wayland, and assume
responsibility for the potential security side effects; not that
running applications under X as root is recommended, either

Running GUI applications as administrator means that your exposing
yours and your users' data to a massive, unaudited code base, that may
or may not open random shared modules — like input methods, image
loaders — and parse multiple files from random locations.

It's more secure to start from a completely sandboxed environment and
gradually opening it up on demand, than running a completely open
environment and then closing it down.

Ciao,
 Emmanuele.

-- 
https://www.bassi.io
[@] ebassi [@gmail.com]
_______________________________________________
gtk-app-devel-list mailing list
gtk-app-devel-list@gnome.org
https://mail.gnome.org/mailman/listinfo/gtk-app-devel-list
[prev in list] [next in list] [prev in thread] [next in thread]