https://bugzilla.novell.com/show_bug.cgi?id=346987
User mmeeks@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=346987#c29
--- Comment #29 from Michael Meeks 2008-06-03 09:06:26 MDT ---
OTOH - a11y doesn't work running as root; reading the strace - it seems that
the root user manages to connect just fine to the main user's CORBA sockets -
and send & recieve useful events from the registryd.
The problem comes (obviously) when the user-space orca process wants to connect
to a root-owned socket, and start remote-controlling a process running as root:
as expected, the sockets are secure, and can't be connected to.
A simple 'chown -R michael /tmp/orbit-root' (while the app is running) lets
ORCA connect beautifully to a root yast2;
So - on the whole, it's not transparently obvious what to do here; clearly
there are risks running any app using a GUI toolkit as the root user - those
are clearly magnified by allowing the user to connect to a process running as
root and start tweaking it intimately.
I guess, one approach would be to make the ORB detect this mode: and get it to
create a socket in /tmp/linc-$USER instead of /tmp/orbit-$USER with that user's
permissions. OTOH - it's not totally clear to me how to reliably detect what
the master user is [ though we could perhaps steal that from grokking profiles
in the IOR on the root window ] - urgh.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.