Feature changed by: Sławomir Lach (Lachu) Feature #310058, revision 4 Title: SUDO with sandbox -X integration openSUSE-11.3: Unconfirmed Priority Requester: Neutral Requested by: Sławomir Lach (lachu) Partner organization: openSUSE.org Description: Fedora team have developed sandbox -X, a tool allowing to run programs from desktop in sandbox, but still connected to X server. We should integrate this with Sandbox -X to avoid security holes by running some application as another user by sudo. Use Case: [code] sudo /sbin/yast2 [/code] Business case (Partner benefit): openSUSE.org: People are often using graphical tools as root on unprivileged user. PolicyKit is still not satisfied. Discussion: #1: Jan Engelhardt (jengelh) (2010-07-03 14:07:57) What exactly are you trying to protect against when su-ing to root anyway? + #2: Sławomir Lach (lachu) (2010-07-10 21:13:39) (reply to #1) + Sudo doesn't remember X Cookie in default configuration. That was + changed in OpenSUSE, but it's insecure. Using Sandbox -X we ensure no + connection with current X session is possible and we can working with + graphical tool. + + I don't believe this is necessary, while running application as root. + Some times root or other user will change effective userid to example + peter UID. -- openSUSE Feature: https://features.opensuse.org/310058