The GIMP opens in superuser mode
This discussion is connected to the gimp-user-list.gnome.org mailing list which is provided by the GIMP developers and not related to gimpusers.com.
This is a read-only list on gimpusers.com so this discussion thread is read-only, too.
The GIMP opens in superuser mode | Leslie Katz | 03 Apr 17:47 |
The GIMP opens in superuser mode | Jehan Pagès | 05 Apr 22:06 |
The GIMP opens in superuser mode | Jehan Pagès | 06 Apr 20:36 |
The GIMP opens in superuser mode | Steve Kinney | 06 Apr 00:42 |
The GIMP opens in superuser mode | Liam R E Quin | 06 Apr 01:41 |
The GIMP opens in superuser mode | Steve Kinney | 06 Apr 03:40 |
The GIMP opens in superuser mode | Liam R E Quin | 06 Apr 04:05 |
The GIMP opens in superuser mode | Steve Kinney | 06 Apr 07:12 |
The GIMP opens in superuser mode | Patrick Shanahan | 06 Apr 12:18 |
The GIMP opens in superuser mode
Apologies. I couldn't figure out how to reply directly to my own earlier message, so I'm doing so by a fresh post with the same title as my original post, in case anyone should be helped by my reply.
The GIMP says in its title bar that it's running in superuser mode, but I've now found that it really isn't. Its wrongly saying so is a function of its having been installed through flatpak.
Leslie
Leslie Katz email: lesliek [at] mymts [dot] net Please visit http://ssrn.com/author=1164057 to find hyperlinks to papers that I’ve written on literary and legal topics
The GIMP opens in superuser mode
Hello,
On Tue, Apr 3, 2018 at 7:47 PM, Leslie Katz wrote:
Apologies. I couldn't figure out how to reply directly to my own earlier message, so I'm doing so by a fresh post with the same title as my original post, in case anyone should be helped by my reply.
The GIMP says in its title bar that it's running in superuser mode, but I've now found that it really isn't. Its wrongly saying so is a function of its having been installed through flatpak.
I saw in your other email that you use Ubuntu. Is it a feature of Ubuntu to tell when software is run as superuser? In any case, I have no idea about this issue. Does that say the same thing with other flatpak-installed software or only GIMP?
Jehan
Leslie
--
Leslie Katz
email: lesliek [at] mymts [dot] net
Please visit http://ssrn.com/author=1164057 to find hyperlinks
to papers that I’ve written on literary and legal topics
ZeMarmot open animation film http://film.zemarmot.net Liberapay: https://liberapay.com/ZeMarmot/ Patreon: https://patreon.com/zemarmot Tipeee: https://www.tipeee.com/zemarmot
The GIMP opens in superuser mode
On 04/03/2018 01:47 PM, Leslie Katz wrote:
Apologies. I couldn't figure out how to reply directly to my own earlier message, so I'm doing so by a fresh post with the same title as my original post, in case anyone should be helped by my reply.
The GIMP says in its title bar that it's running in superuser mode, but I've now found that it really isn't. Its wrongly saying so is a function of its having been installed through flatpak.
Leslie
Wow, that's kind of scary. If any doubt remains, I would try to save an XCF file in a directory users can't write to, say /dev, and see what happens.
It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password. If that can be done, it means the whole operating system is compromised and needs reinstalled yesterday if not sooner.
:o)
The GIMP opens in superuser mode
On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password.
It can happen if the program's binary is owned by the root user and is mode u+s (set-userid).
Liam (ankh)
Liam Quin - web slave for https://www.fromoldbooks.org/ with fabulous vintage art and fascinating texts to read. Click here to have the slave punished or rewarded.
The GIMP opens in superuser mode
On 04/05/2018 09:41 PM, Liam R E Quin wrote:
On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password.
It can happen if the program's binary is owned by the root user and is mode u+s (set-userid).
Liam (ankh)
Yikes.
One "should" not allow this either, without a very good reason...
:D
The GIMP opens in superuser mode
On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
On 04/05/2018 09:41 PM, Liam R E Quin wrote:
On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password.
It can happen if the program's binary is owned by the root user and is mode u+s (set-userid).
Liam (ankh)
Yikes.
One "should" not allow this either, without a very good reason...
On most user applications, no, although ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l gives 36 results here (many setgid rather than setuid, and not all owned by root, but e.g. su, sudo, umount, all have to be root-owned and suid.).
It's possible to disable set-userid file modes from being respected using a mount option, but using that on the system partitions would break your system.
Liam Quin - web slave for https://www.fromoldbooks.org/ with fabulous vintage art and fascinating texts to read. Click here to have the slave beaten.
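An added example, not part of any poster's message: the `ls -l | grep` count above mixes setuid with setgid files and ignores ownership, so these helpers split the three cases apart, list `nosuid` mounts, and read a process's effective uid from the kernel, which settles whether a program that claims superuser mode really has it as seen from the host. Function names are this example's own; it assumes Linux with `/proc` and a `find` that supports `-maxdepth`.

```shell
#!/bin/sh
# Added example (not from the thread): setuid/setgid audit helpers for Linux.
# Function names are this example's own; -maxdepth and /proc are assumed.

# Count regular files directly in DIR that carry the setuid bit (mode 4000).
count_setuid() {
    find "$1" -maxdepth 1 -type f -perm -4000 2>/dev/null | wc -l | tr -d ' '
}

# Count files that are setgid (2000) but not setuid; a bare grep for 's'
# in the mode string lumps these in with the setuid ones.
count_setgid_only() {
    find "$1" -maxdepth 1 -type f -perm -2000 ! -perm -4000 2>/dev/null |
        wc -l | tr -d ' '
}

# Count setuid files owned by OWNER (user name or numeric uid). Only these
# run with OWNER's privileges; for OWNER=root that is the su/sudo/umount case.
count_setuid_owned_by() {
    find "$1" -maxdepth 1 -type f -perm -4000 -user "$2" 2>/dev/null |
        wc -l | tr -d ' '
}

# Print mount points mounted with nosuid, where the setuid bit is ignored at
# exec time. Reads /proc/mounts unless another file in that format is given.
nosuid_mounts() {
    awk '{ n = split($4, opt, ",")
           for (i = 1; i <= n; i++) if (opt[i] == "nosuid") print $2 }' \
        "${1:-/proc/mounts}"
}

# Effective uid of a running process as the kernel records it. The "Uid:"
# line of /proc/PID/status holds real, effective, saved and filesystem uid.
effective_uid() {
    awk '$1 == "Uid:" { print $3 }' "/proc/$1/status"
}

# Report mode: sh audit.sh --report [DIR]
if [ "${1:-}" = "--report" ]; then
    dir=${2:-/usr/bin}
    echo "setuid files in $dir: $(count_setuid "$dir")"
    echo "  owned by root:     $(count_setuid_owned_by "$dir" root)"
    echo "setgid-only files:   $(count_setgid_only "$dir")"
    echo "nosuid mount points:"; nosuid_mounts | sed 's/^/  /'
fi
```

Calling `effective_uid` with the PID of the running editor and getting anything other than 0 means the process does not hold root's uid, whatever the title bar says.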
The GIMP opens in superuser mode
On 04/06/2018 12:05 AM, Liam R E Quin wrote:
On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
On 04/05/2018 09:41 PM, Liam R E Quin wrote:
On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password.
It can happen if the program's binary is owned by the root user and is mode u+s (set-userid).
Liam (ankh)
Yikes.
One "should" not allow this either, without a very good reason...
On most user applications, no, although ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l gives 36 results here (many setgid rather than setuid, and not all owned by root, but e.g. su, sudo, umount, all have to be root-owned and suid.).
It's possible to disable set-userid file modes from being respected using a mount option, but using that on the system partitions would break your system.
Ah so. My comprehension of Linux internals is only rudimentary, but once pointed out it's obvious that su, sudo and umount would be owned by root - only root can do the things they enable a user with the root password to do.
A graphics editor or a wrapper for portable applications? Not so much. :D
The GIMP opens in superuser mode
* Steve Kinney [04-06-18 03:15]:
On 04/06/2018 12:05 AM, Liam R E Quin wrote:
On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
On 04/05/2018 09:41 PM, Liam R E Quin wrote:
On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
It /should/ be impossible for a program opened by a 'regular' user to run in superuser mode, unless the regular user enters the root password.
It can happen if the program's binary is owned by the root user and is mode u+s (set-userid).
Liam (ankh)
Yikes.
One "should" not allow this either, without a very good reason...
On most user applications, no, although ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l gives 36 results here (many setgid rather than setuid, and not all owned by root, but e.g. su, sudo, umount, all have to be root-owned and suid.).
It's possible to disable set-userid file modes from being respected using a mount option, but using that on the system partitions would break your system.
Ah so. My comprehension of Linux internals is only rudimentary, but once pointed out it's obvious that su, sudo and umount would be owned by root - only root can do the things they enable a user with the root password to do.
A graphics editor or a wrapper for portable applications? Not so much. :D
Not knowing flatpak, the package was probably installed using root account and took the installer account perms and file locations. If installed into root's home, would indeed have root perms, even as illogical as that would be.
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
The GIMP opens in superuser mode
Hi!
On Fri, Apr 6, 2018 at 3:26 PM, Leslie Katz wrote:
On 2018-04-06 08:14 AM, Jehan Pagès wrote:
For the record, I opened a bug report at flatpak (I searched and could not find an existing one): https://github.com/flatpak/flatpak/issues/1557
Thank you for letting me know. I'm sure it would have been beyond me to do it myself!
Actually it's not beyond anyone. It is just about politely asking about a problem, just like you did on this mailing list. ;-)
By the way, are you using the Mate desktop as well, or another desktop?
As you may see, flatpak people closed the bug report saying this is just a
detection bug from Mate, which is "fun" because Mate closed its own report
saying flatpak and firejail (another sandbox system, if I got it right?)
had to fix this on their side.
Well in the end, not sure when it will get fixed. I feel like someone needs
to push a bit (yet still nicely/politely) here or there. :-D
Jehan
Best wishes,
Leslie
--
Leslie Katz
email: lesliek [at] mymts [dot] net
Please visit http://ssrn.com/author=1164057 to find hyperlinks
to papers that I’ve written on literary and legal topics
ZeMarmot open animation film http://film.zemarmot.net Liberapay: https://liberapay.com/ZeMarmot/ Patreon: https://patreon.com/zemarmot Tipeee: https://www.tipeee.com/zemarmot