Originally posted by markg85
CAP_SYS_RESOURCE grants it on others; of course, with default sudo or default running as root you have both. That is right: when a partition reads 100 percent, it's not really 100 percent full under Linux. This means the system should soft land so data is recoverable in most cases. This is not the only reserved allocation. Now you have a program running with elevated permissions of CAP_SYS_ADMIN; it's large and it goes wrong.
A lot of the time the crashes appear harmless as root user given capabilities.
Let's say you modify dolphin to drop capabilities that it really should not have; if that happened, dolphin running as root would not be as much of a major risk.
CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_SETFCAP and possibly CAP_FSETID are all you should need for a plain file manager. Except dolphin is not just a file manager; it has an integrated terminal and other things.
Yes, it is possible to create a wrapper to assign those capabilities to dolphin running as your normal user. Yes, if you did, you might be very surprised that the majority are not doing anything as dolphin that really does need the full set of privileges.
Now there is a set of problems.
1) dolphin is not designed to run privileged, be it Linux/FreeBSD .....
2) dolphin does contain means to display what privileges it is running with.
3) dolphin does not have code to drop any privileges it will never need.
Please note all this privilege handling is platform-particular code. Even under OS X and Windows there are ways to drop OS-granted privileges you don't need.
Yes, other than the polkit work no one has been stepping forward to do it. Yes, disabling sudo did get a developer to work on the polkit work.
So on to round 9.
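What dropping to the capability list in the post above could look like on Linux, as an added example that is not part of the original post and not Dolphin code. It uses the raw capget/capset syscalls; the function names are hypothetical, and CAP_FSETID (which the post marks as only possibly needed) is included.

```c
/* Added example: shrink the calling thread to the capabilities the post lists. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* The set named in the post for a plain file manager. */
static const int KEEP[] = { CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
                            CAP_FOWNER, CAP_SETFCAP, CAP_FSETID };

/* 64-bit mask with one bit set per capability in KEEP. */
uint64_t keep_mask(void) {
    uint64_t m = 0;
    for (size_t i = 0; i < sizeof KEEP / sizeof KEEP[0]; i++)
        m |= 1ULL << KEEP[i];
    return m;
}

/* New set = what is held now AND the keep list; this can never add a bit. */
uint64_t reduced(uint64_t current) { return current & keep_mask(); }

/* Drop everything outside KEEP. Returns 0 on success, -1 on failure. */
int drop_to_keep_set(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &hdr, d) != 0) return -1;
    /* Shrink the bounding set first: it needs CAP_SETPCAP, which is about to go.
       EINVAL only means the running kernel does not know that capability number. */
    if (d[0].effective & (1u << CAP_SETPCAP))
        for (int c = 0; c <= CAP_LAST_CAP; c++)
            if (!((keep_mask() >> c) & 1) &&
                prctl(PR_CAPBSET_DROP, c, 0, 0, 0) != 0 && errno != EINVAL)
                return -1;
    for (int i = 0; i < 2; i++) {      /* two 32-bit words cover caps 0..63 */
        uint32_t k = (uint32_t)(keep_mask() >> (32 * i));
        d[i].permitted &= k; d[i].effective &= k; d[i].inheritable &= k;
    }
    return (int)syscall(SYS_capset, &hdr, d);
}

int main(void) {
    if (drop_to_keep_set() != 0) { perror("drop_to_keep_set"); return 1; }
    printf("kept capability mask: 0x%llx\n", (unsigned long long)keep_mask());
    return 0;
}
```

Run as root, the process keeps only the listed file-ownership and DAC capabilities; run as a normal user it holds none of them to begin with, so the call succeeds and changes nothing.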