On Thu, Mar 03, 2005 at 04:02:57PM -0500, Havoc Pennington wrote:
> One problem is that if you can run a GTK app as root (anything equivalent to setgid) then you can probably hack that app and do bad stuff, http://gtk.org/setuid.html
>
> So it's probably a requirement in all cases that we split out a backend that runs as root and have the UI separate.

Yes, sounds very sane.
Plus, as long as we're using SELinux, that could definitely help here.