Github messages for voidlinux
 help / color / mirror / Atom feed
From: hippi777 <hippi777@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: wayland-compositors: use elogind
Date: Sat, 25 Apr 2020 21:48:14 +0200	[thread overview]
Message-ID: <20200425194814.Y4HCloyntct9e1NZdA28CEtzTLuKF0cu4G0mokc6tew@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-21233@inbox.vuxu.org>

[-- Attachment #1: Type: text/plain, Size: 1643 bytes --]

New comment by hippi777 on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-619431069

Comment:
hi there! :)

(others: plz correct me in case of need)

@ShinyRice: i believe they can, but that renders elogind useless, as it is a capability based protection right for avoiding setuid, or maybe im wrong here, as most likely it is about what u r already running in case of graphics stuffs, instead of what can be run... setuid is considered to be harmful cuz if the given app has a way to do anything nasty (like when it has a small bug or forgotten corner case), then it will do that with root privileges, and it can reach more stuffs than anything limited by capabilities... otherwise using a system alone (dont forget about special users, like admin for vesta control panel, just for an irrelevant example, as u probably wont have vesta on ur daily driver and u probably wont have graphics on ur server) means that other users wont be an issue for ur security, but if u run anything with ur own privileges that can harm u, then most likely u r already wrecked, as priv escalation have so many ways, and u probably care about ur data, not ur system, and ur data is already in the wrong hands even before a priv escalation :D

btw i think firejail, apparmor and whatever else could be used as well, but im not really in the depths of these topics to be enough self-confident about what im saying here :D

btw/2 is that possible to run whatever desktop environment that is installed into ~/ with the user as its owner (in case of a single user system), or they need some special permissions?

  parent reply	other threads:[~2020-04-25 19:48 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-22  2:44 [PR PATCH] " travankor
2020-04-22 17:25 ` ericonr
2020-04-23  1:12 ` ericonr
2020-04-23  1:12 ` ericonr
2020-04-23  7:08 ` travankor
2020-04-23  7:09 ` travankor
2020-04-23  7:10 ` travankor
2020-04-23 20:21 ` ericonr
2020-04-23 20:22 ` ericonr
2020-04-24  6:59 ` travankor
2020-04-25 18:22 ` ShinyRice
2020-04-25 18:23 ` ShinyRice
2020-04-25 19:43 ` hippi777
2020-04-25 19:48 ` hippi777 [this message]
2020-04-27 14:44 ` ericonr
2020-04-27 20:56 ` [PR PATCH] [Updated] " travankor
2020-04-27 20:57 ` travankor
2020-05-06  4:04 ` ericonr
2020-05-06  8:44 ` travankor
2020-05-06  8:47 ` travankor
2020-05-06  8:47 ` travankor
2020-05-06  8:49 ` travankor
2020-05-06 12:35 ` [PR PATCH] [Updated] " travankor
2020-05-06 19:15 ` ericonr
2020-05-06 21:51 ` ericonr
2020-05-28 21:08 ` ericonr
2020-05-29  7:30 ` travankor
2020-05-30 19:23 ` [nomerge] " ericonr
2020-05-31 18:36 ` travankor
2020-05-31 18:51 ` travankor
2020-05-31 21:29 ` ericonr
2020-05-31 21:30 ` ericonr
2020-08-04 20:30 ` ericonr
2020-08-14  2:31 ` travankor
2020-08-14  2:31 ` [PR PATCH] [Closed]: " travankor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200425194814.Y4HCloyntct9e1NZdA28CEtzTLuKF0cu4G0mokc6tew@z \
    --to=hippi777@users.noreply.github.com \
    --cc=ml@inbox.vuxu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).