Re: [Tails-dev] Feedback wanted on planned implementation of…

Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Feedback wanted on planned implementation of Feature #5301 - Clone or Backup Persistent Volume
Hi,

CustaiCo wrote (29 Mar 2014 16:44:27 GMT) :
> On Fri, 28 Mar 2014 23:34:08 +0000
> Alan <alan@???> wrote:


>> I would avoid running a GUI as root and rather running the GUI as
>> amnesia or a dedicated user and execute precise actions through
>> policykit (execute a command with pkexec or implement a dbus service)


Full ACK.

> Ah, I was incorrectly thinking that it ran as root currently, looking
> at it again, it appears that it runs as its own user. If I don't have
> to worry about the gui being able to allow dumb actions, this should
> not be a problem.


If the dialog for choosing the destination is run as non-root, and the
actual backup action is run as root, then the code has to check
whether the user picked a destination path where they have write
access, else they can very well choose /etc. Or, this GTK widget has
a way to filter out paths that are not writable by the current
user, perhaps?

Also note that tails-persistence-setup runs as its own user,
not as "amnesia".

>> > I'll admit to never having touched a line of
>> > gtk2 in my life until I started in on this, but the only way I saw
>> > based on the documentation would be to fork the file picker dialog
>> > box as the amnesia user to prevent them from picking something bad.
>>
>> Please write GTK3 for tails 1.1 which will be the next major release,
>> based on debian wheezy.


I appreciate your attention to this kind of thing, but I don't think
we will have all our stuff ported to GTK3 for 1.1 (and I don't see why
this should suddenly become a blocker for 1.1), so IMO CustaiCo can
choose themselves between the different options described below. We can't
sensibly require people who want to improve our software to first port
it to GTK3.

> I was hoping on integrating it as well as possible with the existing
> persistence code.


Yes, please :) I like your "integrate with the existing steps"
approach, and t-p-s was written with this kind of extensibility in
mind, so it should be doable.

> Wouldn't doing it with gtk3 be blocked by
> https://labs.riseup.net/code/issues/6424 (Port tails-persistence-setup
> to Gtk3) ?


Correct. So, either you tackle #6424 first (which *might* be a good
way to dive into the t-p-s code), or you base your work on the current
"master" branch (GTK2), and $someone (you?) will later port these bits
to GTK3 when we port the rest.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
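
Added example, not part of the original message and not Tails or tails-persistence-setup code: one way a root-run backup step could check that the destination picked in a non-root dialog is a directory the requesting user may write to. The names destination_ok and _allowed are hypothetical, and the check assumes classic owner/group/other mode bits only (no ACLs).

```python
import os
import stat


def _allowed(st, uid, gids, want):
    """Evaluate owner/group/other mode bits for (uid, gids); ACLs are ignored."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def destination_ok(path, uid, gids):
    """Return the resolved directory if (uid, gids) may create files in it, else None.

    Meant to be called by the privileged helper with the ids of the
    unprivileged user who chose the path, never with the helper's own ids.
    """
    # Resolve symlinks first so a link pointing at a protected directory
    # is judged by its target, not by where the link itself lives.
    real = os.path.realpath(path)
    try:
        st = os.stat(real)
    except OSError:
        return None
    if not stat.S_ISDIR(st.st_mode):
        return None
    # Creating a file needs write + search permission on the directory.
    if not _allowed(st, uid, gids, 0o3):
        return None
    # Reaching the directory needs search permission on every ancestor.
    parent = os.path.dirname(real)
    while True:
        if not _allowed(os.stat(parent), uid, gids, 0o1):
            return None
        if parent == os.path.dirname(parent):  # reached "/"
            break
        parent = os.path.dirname(parent)
    # The caller should write to this resolved path, not the original string.
    return real
```

The check and the later write are separate steps, so the directory can change between them; doing the write itself with the requesting user's privileges closes that gap.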