Ticket #629 (closed defect: postponed)
root account allowed and used
| Reported by: | Ivan | Owned by: | ainulindale |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | SHR Image | Version: | SHR-unstable |
| Keywords: | root, privilege separation | Cc: | |
Description
The practice of running software under root-level privileges has long been considered most idiotic on all modern distributions.
In order for SHR to be secure we have to disable the root account for remote access and use sudo for running system-wide commands as root.
All the software (including the phone stack) needs to be assessed and run with as low privilege as possible (CAPABILITIES might be helpful here).
Also we should utilize PolicyKit in order to make privilege escalation as transparent to the end user as possible.
Change History

We know. We are not Linux noobs :)
ATM we prefer fast, feature-rich apps that can do a lot over having nothing at all.
We promise that once we have a working phone we will make it secure, this is just not at the top of our TODO atm. I think it's a dupe btw, next time search (will hopefully search later myself), though anyhow, it's postponed to later times.
Btw, we can already change all the UI stuff to run as non root, it just means a little tweaking with the dbus permissions config (allowing the user "uiuser" to use it and also creating that user) and then just running ophonekitd (make sure there's nothing I'm missing) as that user.
shr-* can already run as any user with no need for a real change.
The main change is an IT change, and we are not IT guys; we'd appreciate getting help if you can provide it.
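
An added example, not part of the ticket or of SHR's code: one way to do the assessment the description asks for is to read each process's `/proc/<pid>/status` and report which ones run with effective UID 0 or hold effective capabilities. The sample entries are constructed; the process name `netdaemon`, the UID 1000 and the capability masks are assumptions for illustration.

```python
import glob

# Linux capability names by bit number (include/uapi/linux/capability.h).
CAPS = ("chown dac_override dac_read_search fowner fsetid kill setgid setuid "
        "setpcap linux_immutable net_bind_service net_broadcast net_admin "
        "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
        "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
        "sys_tty_config mknod lease audit_write audit_control setfcap "
        "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
        "perfmon bpf checkpoint_restore").split()

def parse_status(text):
    """Return (name, effective uid, effective capability names) from the
    contents of a /proc/<pid>/status file."""
    fields = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
    euid = int(fields["Uid"].split()[1])   # order: real, effective, saved, fs
    mask = int(fields.get("CapEff", "0").strip(), 16)
    caps = [name for bit, name in enumerate(CAPS) if mask >> bit & 1]
    return fields["Name"].strip(), euid, caps

def audit(statuses):
    """List processes that are root or hold any effective capability."""
    findings = []
    for text in statuses:
        name, euid, caps = parse_status(text)
        if euid == 0 or caps:
            findings.append((name, euid, caps))
    return findings

def live_statuses():
    """Yield the status text of every running process (Linux only)."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:  # process exited while we were scanning
            continue

# Constructed sample input, not captured from an SHR device.
SAMPLE = [
    "Name:\tophonekitd\nUid:\t0\t0\t0\t0\nCapEff:\t00000000ffffffff\n",
    "Name:\tshr-settings\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
    "Name:\tnetdaemon\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000001400\n",
]

if __name__ == "__main__":
    for name, euid, caps in audit(SAMPLE):
        print(f"{name}: euid={euid} caps={','.join(caps) or '-'}")
```

On a device, `audit(live_statuses())` gives the list of processes still to be moved to an unprivileged user or to a reduced capability set.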