Using sudo with graphical apps is bad, mmmkay?
11/11/08
Just a really quick note to check that all of you are really aware that using sudo with a graphical app is bad.
You did know that, right? RIGHT?
I’m not an expert on this, but others are. So please, do:
gksudo gedit
kdesu kate
gksudo mousepad
if you want to edit with a graphical editor, and use plain sudo only with terminal editors.
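As an added example (not from the original post or any of the commenters), a small POSIX shell audit for the symptom this post warns about: files under a home directory that are no longer owned by the user after a graphical app ran under plain sudo. The directory, uid and gid are whatever you pass in; nothing here runs as root.

```shell
#!/bin/sh
# Audit a home directory for entries whose owner is not the expected uid.
# This is the typical aftermath of "sudo gedit": the editor writes its
# config and cache files into the invoking user's $HOME as root, and the
# user can no longer modify them.
# Usage: audit_home_ownership DIR EXPECTED_UID
audit_home_ownership() {
    dir=$1
    uid=$2
    # -xdev keeps the scan on one filesystem (no mounted media);
    # -not -uid selects every entry not owned by the expected uid.
    find "$dir" -xdev -not -uid "$uid" 2>/dev/null
}

# Number of foreign-owned entries, for a pass/fail check in scripts.
count_foreign_owned() {
    audit_home_ownership "$1" "$2" | wc -l | tr -d ' '
}

# Build the repair command instead of running it: changing ownership
# back needs root, and the list above should be reviewed first.
# Usage: repair_command DIR UID GID
repair_command() {
    printf 'chown -R %s:%s -- %s\n' "$2" "$3" "$1"
}

# Demo on a constructed directory (not a real home), so it runs anywhere.
if [ "${DEMO:-0}" = "1" ]; then
    demo=$(mktemp -d)
    mkdir "$demo/.config"
    : > "$demo/.config/app.ini"
    : > "$demo/.bashrc"
    # Checking against our own uid finds nothing; checking against a
    # different uid reports every entry, including the directory itself.
    echo "foreign-owned (own uid):  $(count_foreign_owned "$demo" "$(id -u)")"
    echo "foreign-owned (other uid): $(count_foreign_owned "$demo" "$(( $(id -u) + 1 ))")"
    repair_command "$demo" "$(id -u)" "$(id -g)"
    rm -rf "$demo"
fi
```

Run with `DEMO=1 sh audit.sh` to see both outcomes; against a real account use `audit_home_ownership "$HOME" "$(id -u)"`, and note that `sudo -H` or `sudoedit` (both discussed in the comments) avoid creating such files in the first place.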
hi,
interesting!!!
but, what about all these wikis or forums seeding confusion? If I check my mind (lol), I never found warnings or clear explanations for human beings (techies and geeks are aware indeed).
regards
Can you explain why?
myrtti Reply:
November 11th, 2008 at 17:32
you might end up having some important files owned by root, as explained in one of the links.
You shouldn’t be running Gtk apps with root privileges at all.
myrtti Reply:
November 11th, 2008 at 17:31
and how would one run say, Synaptic then? ;-)
The end user shouldn’t have to worry about it.
Simonsays : autodetect GUI toolkit, give it appropriate permissions.
@myrtti: for Kubuntu, it’s better to use kdesudo since kdesu is not easily accessible in KDE4 (it’s in /usr/lib/kde4/libexec/ instead of /usr/bin)
and kdesu is a symbolic link to kdesudo in Kubuntu 8.04 and 8.10.
So we really have to be worried about wikis and forums… what you see the most is “type ’sudo gedit something’ in terminal”. I hope gedit is one of the applications that have no problem with this sudo issue.
Hey there,
Another good page on this:
https://help.ubuntu.com/community/RootSudo
And to muddy the waters a bit more, from Hardy Heron 8.04 to the present, the correct command in Kubuntu is:
kdesudo kate
In previous releases of Kubuntu, kdesu kate will do the trick.
The problem is that the user’s local environment could leak a pathway from the internet to root. Visit some flash website in firefox, which makes a sneaky write to a config file; then run some gui app via sudo that reads from the config file. At that point, any vulnerability in the app may lead to root exploitation.
I’ve always wondered about this. My only question was I thought “they” were getting rid of gksudo. Or were they just replacing the previous/current implementation for accessing administrative graphical items like Synaptic and Services via gksudo with PolicyKit? Meaning, will gksudo still be around once PolicyKit is in full-swing?
On a side note, it would be very helpful to have a button accessible in graphical apps like gedit where you could click it and change the process to an administrative-level app. Similar to what PolicyKit does actually.
I’m not convinced you’re right.
Running any application as root when it’s not needed is bad, because there’s more to go wrong, and it has potential to mess up permissions on config files used by your editor. However running kdesu[do] is still running the next application as root.
sudoedit is the best solution. It copies the file (as root) to a temporary location, lets you edit the file (as yourself, in the editor of your choice), then on exit copies the file back (as root).
That way as much as possible isn’t running as root.
sudo on some GUI apps can be useful, e.g.
sudo gvim /boot/grub/menu.lst
is much better than
gksudo gvim /boot/grub/menu.lst
Since with sudo my environment stays the same, meaning all my .vim* configurations from my normal user are used, giving me highlighting and other nice things. And you could probably find other apps where this would be the case as well.
This depends on how you have sudo configured.
Use sudo -H to set home to ~root when you use sudo. Or configure this, and other environment settings, in your sudoers file.
Using the xauth PAM module, it is even possible to get sudo to create its own copy of the .Xauthority file. In fact, Fedora Core used to configure su that way (and may still do so, I mostly use Ubuntu now).
So why does this advice apply to GUI apps, but not console apps? I’m not sure that blindly running non-GUI applications as root with the user’s environment set is any safer — in either case it depends upon the behaviour of the individual application and which config files it reads/writes.
The good resource is informative and actual