[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
Security vulnerabilities must not be ignored! Robert, Cant LightDM use AppArmor or PolicyKit? -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/401107 Title: Software runs as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/401107/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
** Also affects: udev (Ubuntu) Importance: Undecided Status: New ** Also affects: udisks (Ubuntu) Importance: Undecided Status: New ** Also affects: upower (Ubuntu) Importance: Undecided Status: New ** Also affects: accountsservice (Ubuntu) Importance: Undecided Status: New ** Also affects: consolekit (Ubuntu) Importance: Undecided Status: New ** Also affects: lightdm (Ubuntu) Importance: Undecided Status: New ** Also affects: ubuntu-system-service (Ubuntu) Importance: Undecided Status: New ** Also affects: modemmanager (Ubuntu) Importance: Undecided Status: New ** Also affects: util-linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/401107 Title: Software runs as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/401107/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
Sigh, please stop doing this. You've been asked not to on more than one occasion already. ** No longer affects: accountsservice (Ubuntu) ** No longer affects: udisks (Ubuntu) ** No longer affects: ubuntu-system-service (Ubuntu) ** No longer affects: util-linux (Ubuntu) -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/401107 Title: Software runs as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/401107/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
LightDM must run as root to do authentication correctly and be able to create user session. ** Changed in: lightdm (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/401107 Title: Software runs as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/401107/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
** No longer affects: consolekit (Ubuntu) ** No longer affects: modemmanager (Ubuntu) ** No longer affects: udev (Ubuntu) ** No longer affects: upower (Ubuntu) -- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/401107 Title: Software runs as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/401107/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
Thanks for opening this bug report. Most of the daemons you've listed run as superuser as that is the only way to have the necessary privileges for them to operate correctly. In some cases, the daemons are protected by AppArmor profiles. This is the case with cups and dhcp3. If you have discovered a way of running some of the daemons you've listed above as a non-root user, without losing functionality, please open a separate bug report for each of them that includes instructions/patches. Thank you. ** Changed in: acpid (Ubuntu) Status: New = Invalid ** Changed in: bluez (Ubuntu) Status: New = Invalid ** Changed in: cron (Ubuntu) Status: New = Invalid ** Changed in: devicekit-power (Ubuntu) Status: New = Invalid ** Changed in: gdm (Ubuntu) Status: New = Invalid ** Changed in: ntfs-3g (Ubuntu) Status: New = Invalid ** Changed in: devicekit (Ubuntu) Status: New = Invalid ** Changed in: dhcp3 (Ubuntu) Status: New = Invalid ** Changed in: xorg (Ubuntu) Status: New = Invalid ** Changed in: xorg-server (Ubuntu) Status: New = Invalid ** Changed in: cups (Ubuntu) Status: New = Invalid ** Changed in: network-manager (Ubuntu) Status: New = Invalid ** Changed in: devicekit-disks (Ubuntu) Status: New = Invalid ** Changed in: samba (Ubuntu) Status: New = Invalid ** Changed in: wpasupplicant (Ubuntu) Status: New = Invalid -- Software runs as root https://bugs.launchpad.net/bugs/401107 You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in ubuntu. ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
If that is the only way, then the software is bad, and needs to be fixed or replaced. I do not want an insecure system and potentially exploitable system because of a setup with badly isolated processes and crappy software that requires superuser privileges. X.org can be fixed so it wont need to run as root, using kernel mode setting (KMS). OpenBSD is interested in this. http://www.phoronix.com/scan.php?page=news_itempx=NzM2MA I don't understand why a network daemon (winbindd from samba) needs root. That is absolutely stupid, and just begging to get hacked. It cant be much different from a HTTP or FTP server, and running that as root would be stupid. In dhcp3 there was recently discovered several security vulnerabilities. How convenient that it runs as root. http://www.debian.org/security/2009/dsa-1833 ** Description changed: - Binary package hint: cups - Software runs as root. This is bad, it should not run as a superuser, it is dangerous in terms of system security. This is unsafe. It should safely run as a non-privileged user. Following the principle of least privilege. http://en.wikipedia.org/wiki/Principle_of_least_privilege ** Changed in: xorg-server (Ubuntu) Status: Invalid = Confirmed -- Software runs as root https://bugs.launchpad.net/bugs/401107 You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in ubuntu. ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
Feel free to open bugs with upstream software if you think they need fixing. If they need to be replaced, feel free to open bugs here and suggest adequate replacements. Of course we want to reduce the quantity of software running as root. As such, as soon as it is feasible to run X.org without the setuid bit set, we will. Our dhcp3 packages provide an AppArmor policy which greatly reduces the risks of running it as root. ** Changed in: xorg-server (Ubuntu) Importance: Undecided = Wishlist -- Software runs as root https://bugs.launchpad.net/bugs/401107 You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in ubuntu. ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
Upstream video drivers require running as root in order to set the video modes. Some video drivers upstreams (-intel, -ati, -nouveau) are working on moving mode setting to the kernel, which in theory would enable X to run as non-root some day, but consider that Ubuntu works with a range of other video drivers from common ones like -nvidia to rarer ones like -geode, -psb, and -openchrome, all of which are popular in certain user segments but none of which have plans to implement KMS any time soon. ** Changed in: xorg-server (Ubuntu) Status: Confirmed = Won't Fix -- Software runs as root https://bugs.launchpad.net/bugs/401107 You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in ubuntu. ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
[Ubuntu-x-swat] [Bug 401107] Re: Software runs as root
** Visibility changed to: Public -- Software runs as root https://bugs.launchpad.net/bugs/401107 You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xorg-server in ubuntu. ___ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp