Revision history [back]
 | 1 | initial version | posted 2014-01-04 12:01:50 +0200  |
fingerterm runs with elevated privileges (EGID != GID)
Typing id in fingerterm reveals that it (and its shell) runs with gid=100000 (nemo) but egid=998 (privileged)
Now this seems to be the norm for most apps (mail, weather) but I think it is not a good idea for a command shell to start with (albeit slightly) elevated privileges
Moreover, perl notices the fact and switches to tainted mode, becoming too paranoid to be usable: (Insecure $ENV{PATH} while running setgid)
I found a solution, adapting (or cloning) /usr/share/applications/fingerterm.desktop to make it run a tiny script:
#!/bin/zsh # sorry, zsh user here...
EGID=$GID # drop elevated privileges (may not work in bash?)
cd # solve the "starting in root directory" problem while we're at it
exec fingerterm
This works, but I think this should be fixed by Jolla eventually
| | 2 | No.2 Revision |
fingerterm runs with elevated privileges (EGID != GID)
Typing id in fingerterm reveals that it (and its shell) runs with gid=100000 gid=100000 (nemo) but egid=998 (privileged)
Now this seems to be the norm for most apps (mail, weather) but I think it is not a good idea for a command shell to start with (albeit slightly) elevated privileges
Moreover, perl notices the fact and switches to tainted mode, becoming too paranoid to be usable: (Insecure $ENV{PATH} while running setgid)
I found a solution, adapting (or cloning) /usr/share/applications/fingerterm.desktop to make it run a tiny script:
#!/bin/zsh # sorry, zsh user here...
EGID=$GID # drop elevated privileges (may not work in bash?)
cd # solve the "starting in root directory" problem while we're at it
exec fingerterm
This works, but I think this should be fixed by Jolla eventually
| | 3 | No.3 Revision |
[fixed in 1.0.3.8] fingerterm runs with elevated privileges (EGID != GID)
Typing id in fingerterm reveals that it (and its shell) runs with gid=100000 (nemo) but egid=998 (privileged)
Now this seems to be the norm for most apps (mail, weather) but I think it is not a good idea for a command shell to start with (albeit slightly) elevated privileges
Moreover, perl notices the fact and switches to tainted mode, becoming too paranoid to be usable: (Insecure $ENV{PATH} while running setgid)
I found a solution, adapting (or cloning) /usr/share/applications/fingerterm.desktop to make it run a tiny script:
#!/bin/zsh # sorry, zsh user here...
EGID=$GID # drop elevated privileges (may not work in bash?)
cd # solve the "starting in root directory" problem while we're at it
exec fingerterm
This works, but I think this should be fixed by Jolla eventually