patday8472 wrote: ↑
Sat Jan 26, 2019 7:13 pm
So if I am understanding you correctly. You both are saying any distro not just Mint that has gksu installed, should be run as root. That makes no sense to me. Couldn't you just block gksu from communicating with a firewall?
When I had 18.3 Linux mint xfce on both systems. I did banking with gksu installed.
First, "You both are saying any distro not just Mint that has gksu installed, should be run as root." is not something I said, zcot said, nor did either of us imply. reread the part I bolded from my quote of zcot a bunch of times- it will eventually become clearer, i swaer... the hypothetical situational question (if that makes sense to you, it does to me and I can elaborate if you need me to) is:
"Why not just run as root instead?" (sans sarcasm, it is a totally legit question, reread it!)
and really, why not? if you have determined you will never be vulnerable to the exploit behind a package that basically gets it pulled from huge base distros (e.g. ermmm/gosh, Debian and Ubuntu) then why not take full responsibility for your decision and simply run all as root.
Please know I do not care what you do and will support you(r) decisions regardless, even help you do something entire community demeans or cautions against because I am not your system vigilance, you are... ask me how and I will do my best to help, and explain my thought process (which makes for very long threads at times;) since I do not have Linux experience. but for sure I have some common sense and honesty in ability and I do try to clearly communicate both every time I initially respond to any on these forums.
Speaking for myself only, if other distros are running critical level vulnerable packages then shame is on the distro devs, primarily, as well on the user for continuing to do so- especially when made aware of such a remote&network exploitable package, if precautions are not taken and enforced.
Firewalling may be an option, but really- what makes you think even a simple and semi-safe task such as browsing internets with an internet browser doesn't subject you to dangerous scripts (which could evoke the vulnerability). My questions are to the general populace, if you have protections setup and working on your own then it simply does not apply... but these forums are public readable and built in to Linux Mint on where to go to get help.
for me it is not a race to patch and protect any more, it is simple- there are other options...and they may not be as convenient but
you are no longer vulnerable due to outdated and unmaintained packages designed to give a user (any user) root level privileges...
and really, what could be the issue over inconvenience? with gksu wrappers in pkexec or other commands to do what you wanted to do before? It sounds more like an exercise in laziness to avoid change, while taking on the burden of security for system by self instead of package and distro maintainers doing it for you. Trust Linux, trust Windows, trust Mac, it don't matter who you trust, but you are going to need to trust someone- or validate all the code yourself and compile your own version of secure OS.
as far as using gksu in LM18.3 XFCE I cannot comment. I do clearly recall having to interpret commands I was seeing in these forums when I was a brand new install fella of LM18.3 Cinnamon (and later 18.3 Mate) because I did not have gksu and gedit (two commands I recall trouble doing from last Spring, first install of Linux in ten years, being LM18.3).
I do not know why nor how you were able to gksu your banking needs in 18.3 XFCE, unless you had a wrapper effect for some other command underneath which you were unawares of. I'd consult the various packages and all change logs to determine if I need to yell at someone for leaving me vulnerable for so long, or humble down and see how dev's smoothed the transition of an insecure package out to a more secure package in. Otherwise I have no experience with the old ways and feel fresh, and safe(r) knowing the new ways require an additional step- or a change in command, to keep my system safe(r).
hope this helps~