|
Bugzilla – Full Text Bug Listing |
| Summary: | /sbin/yast2 online_update starts firefox as root | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE Linux 10.1 | Reporter: | Thomas Schmidt <tschmidt> |
| Component: | YaST2 | Assignee: | Jiří Suchomel <jsuchome> |
| Status: | RESOLVED WONTFIX | QA Contact: | Klaus Kämpf <kkaempf> |
| Severity: | Blocker | ||
| Priority: | P5 - None | CC: | hmuelle, meissner, security-team, suse-beta |
| Version: | Beta 6 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Thomas Schmidt
2006-03-01 13:20:02 UTC
This must not happen. (This is unrelated to the register issue which uses FF too.) What is so difficult in writing a YAST Module which speaks SOAP to zmd server? This is known and it was agreed that the browser should run with least privileges. As I understand this, it is about the online_update module not about the suse_register one. suse_register is not part of the current beta, so he couldn't have encountered a bug in it :) You understand it correctly, that's why it is for me :-) I'm not sure how to handle this: 1. the process is started by root (as yast is running under root) 2. that it changes it's UID to UID of webupdater user - this works fine for webrick, but firefox than hasn't rights to X server. How should I give it such rights only for this session? "If /usr/sbin/web-updater-starter is running as a
root (and if USERNAME env.variable relly points to the user actually ownning
the X server rights) it could start firefox via 'sux
#{ENV['USERNAME']} -c firefox' "
Marcus, is this solution correct?
(comment taken from bug #154948)
Please check also this one, I don't know if the solution with USERNAME is correct. later reopening web-updater related bugs We have no web-updater, closing as irrelevant. |