Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1236528 (qt4-no-root)
| Summary: | qt4 apps cannot run as root | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | James Patterson <jamespatterson> |
| Component: | qt | Assignee: | Than Ngo <than> |
| Status: | ASSIGNED --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dkutalek, extras-orphan, fedora, itamar, jamespatterson, jgrulich, jreznik, kevin, lrintel, ovasik, rdieter, smparrish, than, yulinux |
| Target Milestone: | --- | Keywords: | CommonBugs, Tracking |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | https://fedoraproject.org/wiki/Common_F22_bugs#hp-plugin-blank-window | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1185893, 1196237, 1212180, 1219284, 1229874, 1236529 | ||
|
Description
James Patterson
2015-06-29 11:16:50 UTC
do you have any specific examples? oh, via the linked bug, this is only about running apps as root apparently (correct me if I'm wrong). See also https://bugzilla.redhat.com/show_bug.cgi?id=1212180#c7, quote: As explained in bug 1185893 this has been discussed on the xorg-devel list and we do not consider this an Xorg bug, the problem is lack of proper error checking of the MIT SHM extension related X calls in the app / toolkit. This actually is a feature because people are now getting proper protection of unauthorized accesses to their shared memory segments where before anyone could access them (as the X-server was doing the accessing and it ran as root). So I'm re-opening this. Also gui apps should really not run as root, ever. I realize this is sometimes easiest, but we should not ship anything setup this way ootb and/or depending on this (running as root). Note I've also discussed this with the some qt people and it is fixed in qt5, and currently there are no plans to fix this for qt4, there answer to this problem is: Do not run gui apps as root. Note that there is a workaround for qt4 described in bug 1185893: kcalc --graphicssystem native Adjusting summary, workarounds include: 1. set QT_X11_NO_MITSHM=1 env var 2. set QT_GRAPHICSSYSTEM=native env var > Also gui apps should really not run as root, ever. I realize this is sometimes easiest
How does one run an app that needs root permissions then?
Say access to /dev/sdX (example for unetbootin)
One best practice these days is to use minimal (non-gui) helper apps that raise priveledge via policykit I'm an end-user, I can't do that. sorry for being unclear, it's what application authors/developers ought to be using *** Bug 1269862 has been marked as a duplicate of this bug. *** I cannot code, but I wonder if anyone could help with this: https://github.com/unetbootin/unetbootin/issues/56#issuecomment-190355265. |