7

I just heard that it isn't recommended to use sudo -i on GUI programs - because it's less secure.

Is there any truth here - is there an advantage to this:

sudo -i gedit /random/file.name

over

pkexec gedit /random/file.name

I used to use gksudo, but that's been phased out, so now I use sudo -i to prevent root owning files in my home area. But should I really be using pkexec?

Here is a reason:

The environment that PROGRAM will run [in], will be set to a minimal known and safe environment in order to avoid injecting code through LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the process invoking pkexec.

Community
  • 1
Tim
  • 32,861
  • 27
  • 118
  • 178
  • 2
    There is nothing which is hidden from a root user with UID 0 – Mudit Kapil Jul 13 '15 at 18:03
  • 2
    Where did you hear it? I see nothing mentioned so far that sudo can't do (it can reset environment variables, and see the variables SUDO_USER and SUDO_UID). – muru Jul 13 '15 at 18:13
  • @muru the developer of elementary OS told me, saying I shouldn't use sudo in my answer. http://i.stack.imgur.com/eOXhJ.png – Tim Jul 13 '15 at 18:19
  • 1
    IMHO unless he can show a scenario demonstrating what he meant, he's just passing on "received wisdom" (to put it politely). I feel the only benefit of pkexec is that another user can authorize for you, but I'm no security expert. By the way, we can still view the eOS.se beta, so you can link to the discussion directly. – muru Jul 13 '15 at 18:24
  • 1
    @muru http://elementaryos.stackexchange.com/a/52/3 – Tim Jul 13 '15 at 18:30
  • 2
    Curious: pkexec needs to be configured to run graphical programs. Ubuntu, Debian and Arch Linux don't configure it for that by default. Does elementary OS? If not, asking users to use pkexec is just a hassle. And where there's hassle, users will switch to easier commands. – muru Jul 13 '15 at 18:33
  • @muru no, it's not. Hmm, I'll mention that, – Tim Jul 13 '15 at 18:34
  • Not sure about the question, but AFAIK sudo -H is also enough. However I was recently downvoted on an answer in which I suggested this, so maybe I'm wrong on this one – kos Jul 13 '15 at 19:06
  • 1
    ahum: http://askubuntu.com/questions/78352/when-to-use-pkexec-vs-gksu-gksudo – Rinzwind Jul 20 '15 at 14:14

1 Answers1

-1

I think the security concern you are referring to comes from the fact that if you use sudo, with or without the -i, you have an active permission to run sudo commands, for 5 minutes. If you were to do sudo vim /file.txt then leave, your computer unattended the sudo session would still be active. someone could come along and type sudo rm /file.txt or worse.

pkexec will prompt you for a password every-time, which would seem a little more secure.

I think Elementary OS is intended for schools, where the physical environment shouldn’t be considered secure. Students may well show up at your desk moments after you leave. Comparatively, in my Business office, where only 3 folks have the key, and my computer is moderately secure in the physical sense, I'm less concerned with untrusted individuals running in and using my PC unsupervised. If I run sudo command, then leave, I'm assuming no one will come in and give malicious sudo commands.

I make no claim to be a security expert, but I think that is what the elementary OS folks are thinking.

j0h
  • 14,825