[Bug 698250] AUDIT-0: colord: new dbus and polkit rules
https://bugzilla.novell.com/show_bug.cgi?id=698250
https://bugzilla.novell.com/show_bug.cgi?id=698250#c6
Vincent Untz
Is it really necessary to run this as root? It links to a lot of libraries and contains SQL injection vulnerabilities via its sqlite3 calls.
Why does it actually need root privs? To write the system wide settings files?
A new version of colord (in GNOME:Factory right now) allows the use of a non-root user, see http://gitorious.org/colord/master/commit/75c7028157e8c8abeea0e510445a86bbcf...

This commit log is also of interest: http://gitorious.org/colord/master/commit/06c6477831a6d4cb4297b6b9a6bff23f94...

"Ensure uid 0 can create devices and profiles even when not on the active console

When colord is running as the root user then this magically works, even though daemons like cups are not on an active console. If you switch colord to running as a private user then PolicyKit no longer implicitly grants the authorisation from the root user, and this means that printers cannot be registered with colord.

By checking for the uid we can grant an implicit authorisation ourselves before asking PolicyKit."
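Added example, not part of the bug comment and not colord's code: a small C model of the check order the quoted commit log describes, where a uid 0 caller is granted implicitly before PolicyKit is asked. The names `authorize`, `caller`, `polkit_stub` and the action id string are hypothetical, and the stub assumes PolicyKit authorises only callers on the active console.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

typedef enum { AUTH_DENIED, AUTH_IMPLICIT_UID0, AUTH_POLKIT } auth_result;

/* Constructed caller record. In a real daemon the uid must be the one the
 * bus daemon reports for the sender (org.freedesktop.DBus
 * GetConnectionUnixUser), never a value carried in the method call. */
typedef struct {
    uid_t uid;
    bool on_active_console;
} caller;

typedef bool (*polkit_fn)(const caller *c, const char *action_id, int *queries);

/* Simplified stand-in for the PolicyKit query (assumption): authorises only
 * callers on the active console, and counts how often it is consulted. */
static bool polkit_stub(const caller *c, const char *action_id, int *queries)
{
    (void)action_id;
    (*queries)++;
    return c->on_active_console;
}

/* Grant uid 0 implicitly first, and only then fall back to PolicyKit. */
auth_result authorize(const caller *c, const char *action_id,
                      bool uid0_shortcut, polkit_fn ask, int *queries)
{
    if (c == NULL || ask == NULL || queries == NULL)
        return AUTH_DENIED;              /* fail closed on bad input */
    if (uid0_shortcut && c->uid == 0)
        return AUTH_IMPLICIT_UID0;       /* e.g. cups registering a printer */
    return ask(c, action_id, queries) ? AUTH_POLKIT : AUTH_DENIED;
}

int main(void)
{
    caller cupsd = { 0, false };         /* constructed: root, no console */
    const char *act = "example.create-device"; /* hypothetical action id */
    int queries = 0;
    printf("without uid check: %d\n",
           authorize(&cupsd, act, false, polkit_stub, &queries));
    printf("with uid check:    %d\n",
           authorize(&cupsd, act, true, polkit_stub, &queries));
    return 0;
}
```

The implicit grant widens what any uid 0 process on the bus can do, so the remaining protection is the accuracy of the uid lookup and the D-Bus policy that limits who can reach the daemon.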