Red Hat Bugzilla – Bug 469539
gpk-application will not run as the root user
Last modified: 2008-11-04 07:57:17 EST
Description of problem:
For some reason, gpk-application hangs when it asks for the root password when installing things; fine, that's probably a PolicyKit bug.
However: when I then try to run gpk-application as root... it outright refuses to start because it thinks it knows better than me, the owner and sysadmin of my system, that I don't want to run this application as root.
Putting a warning up "hey you might not want to run this app as root", sure fine no big deal.
Outright refusing to start with no good option is obnoxious and almost reeks of disrespect due to the belittling mentality that shines through such policy decisions.
Please fix this by allowing the app to start and honor explicit commands of root on the system.
From somebody who triages the bugs, all the people who have reported run-as-root issues with gpk-application have been new users who log in as root using gdm "as it's what they do to configure the system". I don't agree this is the right way to do this with PolicyKit.
Also, with PolicyKit, just because you are running as the root user doesn't mean you are authorised to do all actions. I think David is working on a new feature in PolicyKit (something like AuthenticationImpliesAuthorisation iirc). He can tell you more.
Also, I'm not sure if it's a security problem using a GTK2 program using PolicyKit as root -- I'm guessing a local script could install silently pretty much anything using GTK_MODULES in this case.
What's the use case of using gpk-application as root?
My use case was simple: my non-root environment (PAM/PolicyKit) had issues (it outright hung when wanting to ask for my fingerprint swipe) and I wanted to fix it by installing the extra, missing packages.
The argument "but running it as root is a security issue"... guess what... if I can do that I'm already root. What more bad can I do security-wise?
And really, the reason "sensible" people run stuff as root is that something is busted and they need to run as root to recover something. Deliberately preventing such a recovery action then upsets admins greatly. Running as root in a way is "I know what I'm doing, do what I tell you".
Again, giving unsuspecting users a warning dialog, no problem. Not having a way to say "I know what I'm doing"... problem.
Created attachment 322287
What do you think of something like this?
I've merged that UI into git master.