Bug 469539 - gpk-application will not run as the root user
gpk-application will not run as the root user
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: gnome-packagekit (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Richard Hughes
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-02 01:39 EST by Arjan van de Ven
Modified: 2008-11-04 07:57 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-04 07:57:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
GUI modification (17.99 KB, image/png)
2008-11-03 05:17 EST, Richard Hughes
no flags Details

  None (edit)
Description Arjan van de Ven 2008-11-02 01:39:06 EST
Description of problem:

for some reason, gpk-application hangs when it asks for the root password when installing things; fine, that's probably a policykit bug.

However: when I then try to run gpk-application as root .. it outright refuses to start because it thinks it knows better than me, the owner and sysadmin of my system, that I don't want to run this application as root.

Putting a warning up "hey you might not want to run this app as root", sure fine no big deal.
Outright refusing to start with no good option is obnoxious and almost reeks of disrespect due to the belittling mentality that shines through such policy decisions.

Please fix this by allowing the app to start and honor explicit commands of root on the system.
Comment 1 Richard Hughes 2008-11-02 03:54:55 EST
From somebody who triages the bugs, all the people who have reported run-as-root issues with gpk-application have been new users who log in as root using gdm "as it's what they do to configure the system". I don't agree this is the right way to do this with PolicyKit.

Also, with PolicyKit, just because you are running as the root user doesn't mean you are authorised to do all actions. I think David is working on a new feature in PolicyKit (something like AuthenticationImpliesAuthorisation iirc). He can tell you more.

Also, I'm not sure if it's a security problem using a GTK2 program using PolicyKit as root -- I'm guessing a local script could install silently pretty much anything using GTK_MODULES in this case.

What's the use case of using gpk-application as root?
Comment 2 Arjan van de Ven 2008-11-02 10:45:54 EST
My use case was simple: my non-root environment (PAM/PolicyKit) had issues (it ourright hung when wanting to ask for my finger print swipe) and wanted to fix it by installing the extra, missing packages.

The argument "but running it as root is a security issue".. guess what.. if I can do that I'm already root. What more bad can I do security wise? 

And really, the reason "sensible" people run stuff as root, is that something is busted and need to run as root to recover something. Deliberately preventing such recover action upsets admins then greatly. Running as root in a way is "I know what I'm doing, do what I tell you".

Again, giving unsuspecting users a warning dialog, no problem. Not having a way to say "I know what I'm doing"... problem.
Comment 3 Richard Hughes 2008-11-03 05:17:50 EST
Created attachment 322287 [details]
GUI modification

What do you think of something like this?
Comment 4 Richard Hughes 2008-11-04 07:57:17 EST
I've merged that UI into git master.

Note You need to log in before you can comment on or make changes to this bug.