He's not saying that sudo is dangerous but that a GUI program running in X11 as ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

simcop2387 on April 7, 2017 | parent | context | favorite | on: A Thank-You Note to the Hacker News Community from...

He's not saying that sudo is dangerous but that a GUI program running in X11 as root is dangerous. This is because most GUI toolkits aren't hardened against attackes (buffer overflows, badly formed events, etc.) that can all be sent as a non-privileged user/program under X11 to one that's running as root. This means that if someone had an exploit in your browser that let them see X11 events or send them to another window then they could potentially use that to gain root access the moment you went into ANYTHING that ran as root under you X session.

tetromino_ on April 7, 2017 [–]

Yes, exactly. I should have been more clear.

"sudo vim /etc/whatever.conf" is perfectly fine.

"sudo gedit /etc/whatever.conf" might give an attacker already on your system a way to gain root.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact