Using sudo with graphical apps is bad, mmmkay?

Just a really quick note to check that all of you are really aware using sudo with a graphical app is bad.

You did know that, right? RIGHT?

I’m not an expert on this, but others are. So please, do:
gksudo gedit
kdesu kate
gksudo mousepad

if you want to edit with a graphical editor, and use plain sudo only with terminal editors.

This entry was posted in general, ICT, Planet Ubuntu. Bookmark the permalink.

19 Responses to Using sudo with graphical apps is bad, mmmkay?

  1. dino35 says:

    hi,
    interesting !!!
    but, what about all these wiki or forum seeding confusion. If i check my mind, (lol), i never found warnings or clear explication for human beeing (techies and geeks are aware indeed).

    regards

  2. Chris says:

    Can you explain why?

  3. Jonna says:

    You shouldn’t be running Gtk apps with root privileges at all.

  4. ethana2 says:

    The end user shouldn’t have to worry about it.

    Simonsays : autodetect GUI toolkit, give it appropriate permissions.

  5. Smarter says:

    @myrtti: for Kubuntu, it’s better to use kdesudo since kdesu is not easily accessible in KDE4(it’s in /usr/lib/kde4/libexec/ instead of /usr/bin)

  6. Smarter says:

    and kdesu is a symbolic link to kdesudo in Kubuntu 8.04 and 8.10.

  7. So we really have to be worried about wikis and forums… what you see the most is “type ‘sudo gedit something’ in terminal”. I hope gedit is one of the applications that have no problem with this sudo issue.

  8. Little Girl says:

    Hey there,
    Another good page on this:

    https://help.ubuntu.com/community/RootSudo

    And to muddy the waters a bit more, from Hardy Heron 8.04 to the present, the correct command in Kubuntu is:

    kdesudo kate

    In previous releases of Kubuntu, kdesu kate will do the trick.

  9. jldugger says:

    The problem is that the user’s local environment could leak a pathway from the internet to root. Visit some flash website in firefox, which makes a sneaky write to a config file; then run some gui app via sudo that reads from the config file. At that point, any vulnerability in the app may lead to root exploitation.

  10. Jonathan says:

    I’ve always wondered about this. My only question was I thought “they” were getting rid of gksudo. Or were they just replacing the previous/current implementation for accessing administrative graphical items like Synaptic and Services via gksudo with PolicyKit? Meaning, will gksudo still be around once PolicyKit is in full-swing?

    On a side note, it would be very helpful to have a button accessible in graphical apps like gedit where you could click it and change the process to an administrative-level app. Similar to what PolicyKit does actually.

  11. Pingback: Peng’s links for Tuesday, 11 November « I’m Just an Avatar

  12. Pingback: Miia Ranta » Daily Digest for 2008-11-11

  13. I’m not convinced you’re right.

    Running any application as root when it’s not needed is bad, because there’s more to go wrong, and it has potential to mess up permissions on config files used by your editor. However running kdesu[do] is still runnning the next application as root.

    sudoedit is the best solution. It copies the file (as root) to a temporary location. Lets you edit the file (as yourself in the editor of your choice) Then on exit, copies the file back (as root).

    That way as much as possible isn’t running as root.

  14. Troels Liebe Bentsen says:

    sudo on some GUI apps can be useful, fx.

    sudo gvim /boot/grub/menu.lst

    is much better than

    gksudo gvim /boot/grub/menu.lst

    Since with sudo my environment stays the same, meaning all my .vim* configurations from my normal user is used, giving me highlighting and other nice things. And you could properly find other apps were this would be the case as well.

  15. John P says:

    This depends on how you have sudo configured.

    Use sudo -H to set home to ~root when you use sudo. Or configure this, and other environment settings, in your sudoers file.

    Using the xauth PAM module, it is even possible to get sudo to create its own copy of the .Xauthority file. In fact, Fedora Core used to configure su that way (and may still do so, I mostly use Ubuntu now).

    So why does this advise apply to GUI apps, but not console apps? I’m not sure that blindly running non-GUI applications as root with the user’s environment set is any safer — in either case it depends upon the behaviour of the individual application and which config files it reads/writes.

  16. enliblendof says:

    The good resource is informative and actual

  17. There’s a few things here. A gui app may update lots of config files and be expected to run as a normal user so you may end up with files that can no longer be changed by a normal user.

    The environment issue, well you should run apps via the console with their full path. e.g /usr/bin/sudo /bin/ls

    Synaptic will be designed for root use but is far less secure than using /usr/bin/apt-get

    Some programs shouldn’t be run or be allowed to run via sudo at all, even /bin/more the sudoers NOEXEC option can help but is no complete fix. See vi versus sudoedit.

    Still it’s better than running your whole OS as a Windows Admin.