Bug 469539 - gpk-application will not run as the root user
Summary: gpk-application will not run as the root user
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-packagekit
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Richard Hughes
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-11-02 06:39 UTC by Arjan van de Ven
Modified: 2008-11-04 12:57 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-11-04 12:57:17 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
GUI modification (17.99 KB, image/png)
2008-11-03 10:17 UTC, Richard Hughes 		no flags Details
View All

Description Arjan van de Ven 2008-11-02 06:39:06 UTC 
Description of problem:

for some reason, gpk-application hangs when it asks for the root password when installing things; fine, that's probably a policykit bug.

However: when I then try to run gpk-application as root .. it outright refuses to start because it thinks it knows better than me, the owner and sysadmin of my system, that I don't want to run this application as root.

Putting a warning up "hey you might not want to run this app as root", sure fine no big deal.
Outright refusing to start with no good option is obnoxious and almost reeks of disrespect due to the belittling mentality that shines through such policy decisions.

Please fix this by allowing the app to start and honor explicit commands of root on the system.
Comment 1 Richard Hughes 2008-11-02 08:54:55 UTC 
From somebody who triages the bugs, all the people who have reported run-as-root issues with gpk-application have been new users who log in as root using gdm "as it's what they do to configure the system". I don't agree this is the right way to do this with PolicyKit.

Also, with PolicyKit, just because you are running as the root user doesn't mean you are authorised to do all actions. I think David is working on a new feature in PolicyKit (something like AuthenticationImpliesAuthorisation iirc). He can tell you more.

Also, I'm not sure if it's a security problem using a GTK2 program using PolicyKit as root -- I'm guessing a local script could install silently pretty much anything using GTK_MODULES in this case.

What's the use case of using gpk-application as root?
Comment 2 Arjan van de Ven 2008-11-02 15:45:54 UTC 
My use case was simple: my non-root environment (PAM/PolicyKit) had issues (it ourright hung when wanting to ask for my finger print swipe) and wanted to fix it by installing the extra, missing packages.

The argument "but running it as root is a security issue".. guess what.. if I can do that I'm already root. What more bad can I do security wise? 

And really, the reason "sensible" people run stuff as root, is that something is busted and need to run as root to recover something. Deliberately preventing such recover action upsets admins then greatly. Running as root in a way is "I know what I'm doing, do what I tell you".

Again, giving unsuspecting users a warning dialog, no problem. Not having a way to say "I know what I'm doing"... problem.
Comment 3 Richard Hughes 2008-11-03 10:17:50 UTC 
Created attachment 322287 [details]
GUI modification

What do you think of something like this?
Comment 4 Richard Hughes 2008-11-04 12:57:17 UTC 
I've merged that UI into git master.
Note You need to log in before you can comment on or make changes to this bug.