Looking for opinions on authorization frameworks for Pallet

Brandon Allbery allbery.b at gmail.com
Fri Aug 7 13:42:10 PDT 2015


On Fri, Aug 7, 2015 at 4:34 PM, Rainer Müller <raimue at macports.org> wrote:

> I mean, most users already run the port command as root. Any security
> vulnerability that can be exploited in the GUI would most probably also be
> exploitable from the command line when running with 'sudo port'. Or what
> kind of vulnerability do you have in mind?
>

GUIs have a lot of moving parts and correspondingly higher attack surface,
including potential control of all other GUI applications; something run in
a terminal can't easily exploit the window system (especially with
environment sanitization so $XAUTHORITY and $WINDOWID etc. aren't visible
from X11 terminals, etc.). This is why many Linux/X11 programs issue
warnings if they discover they are running as root (see for example
wireshark).

-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b at gmail.com                                  ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
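
The two defences mentioned in the message above (environment sanitization before running something privileged, and a wireshark-style warning when a program finds itself running as root with access to the window system), as an added example that is not part of the original message or of MacPorts/Pallet. The allowlist, the fixed PATH, the extra variable names beyond $XAUTHORITY and $WINDOWID, and all function names are assumptions made for this sketch.

```python
import os
import subprocess

# Variables that hand a process access to the user's window system.
# XAUTHORITY and WINDOWID are named in the message; DISPLAY and
# WAYLAND_DISPLAY are assumed additions for this sketch.
WINDOW_SYSTEM_VARS = ("DISPLAY", "WAYLAND_DISPLAY", "WINDOWID", "XAUTHORITY")

# Assumed allowlist: everything not listed here is dropped, which also
# removes loader variables such as LD_PRELOAD without naming each one.
PASS_THROUGH = ("HOME", "LANG", "LOGNAME", "TERM", "USER")
FIXED_PATH = "/usr/bin:/bin:/usr/sbin:/sbin"  # never inherit the caller's PATH


def sanitized_env(env):
    """Build the environment for a privileged child from an allowlist."""
    clean = {k: env[k] for k in PASS_THROUGH if k in env}
    clean["PATH"] = FIXED_PATH
    return clean


def window_system_exposure(env):
    """Names of window-system variables that are set and non-empty."""
    return sorted(k for k in WINDOW_SYSTEM_VARS if env.get(k))


def root_gui_warning(euid, env):
    """Warning text if running as root with window-system access, else None."""
    exposed = window_system_exposure(env)
    if euid == 0 and exposed:
        return "running as root with window-system access via " + ", ".join(exposed)
    return None


def run_privileged(argv, env=None):
    """Run a helper command with the sanitized environment only."""
    source = os.environ if env is None else env
    return subprocess.run(argv, env=sanitized_env(source), check=True)


# Constructed sample: what an X11 terminal session might export.
SAMPLE_ENV = {"PATH": "/home/u/bin:/usr/bin", "TERM": "xterm", "DISPLAY": ":0",
              "XAUTHORITY": "/home/u/.Xauthority", "WINDOWID": "41943046",
              "LD_PRELOAD": "/tmp/x.so"}

if __name__ == "__main__":
    print(root_gui_warning(os.geteuid(), os.environ))
    print(sanitized_env(SAMPLE_ENV))
```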