Capability::Reboot set without authentication
36 views
Skip to first unread message
Christoph Pleger
Jul 18, 2016, 4:07:37 AM7/18/16
to sddm-devel
Hello,
I added some lines in src/daemon/PowerManager.cpp for debugging. The debug output then showedme that, though my policykit rules define that root authentication is required for Reboot, Capability::Reboot is set to yes, though no root authentication took place. Why is this? Because, though some child processes are running with uid=sddm, sddm itself is running as root? If yes, it is possible to run sddm as non-root?
Regards
Christoph
I added some lines in src/daemon/PowerManager.cpp for debugging. The debug output then showedme that, though my policykit rules define that root authentication is required for Reboot, Capability::Reboot is set to yes, though no root authentication took place. Why is this? Because, though some child processes are running with uid=sddm, sddm itself is running as root? If yes, it is possible to run sddm as non-root?
Regards
Christoph
Pier Luigi Fiorini
Aug 15, 2016, 2:56:15 PM8/15/16
to Christoph Pleger, sddm-devel
2016-07-18 10:07 GMT+02:00 Christoph Pleger <chri...@plmail.de>:
Hello,
I added some lines in src/daemon/PowerManager.cpp for debugging. The debug output then showedme that, though my policykit rules define that root authentication is required for Reboot, Capability::Reboot is set to yes, though no root authentication took place. Why is this? Because, though some child processes are running with uid=sddm, sddm itself is running as root? If yes, it is possible to run sddm as non-root?
The daemon and especially the helper need root priviliges to run the Xorg server and user sessions, the greeter (user interface) doesn't need root priviliges hence runs with the sddm user.
Reply all
Reply to author
Forward
0 new messages