When Help topics are selected in the Mageia Control Center, a web browser (typically firefox) is started as superuser. While we all may trust the Mageia web pages, the fact that firefox runs as root is not obvious and most likely soon forgotten. This puts the system under unnecessary security risks. The browser should instead be opened for the user who logged in.
same with project url of any package in rpmdrake ?
Sorry, but this bug saw no action since over 2 yrs ago - no cauldron package has stayed the same - and is still assigned to Bug Squad. Closing as OLD Please reopen if this report is still valid for _current_ cauldron and/or fully updated Mageia 4
Status: NEW => RESOLVEDResolution: (none) => OLD
Noboby may have worked on it but it did not disappear by itself. Just run rpmdrake, select a package, select 'Details:' and click on the given URL. For me firefox opens and 'ps aux | grep firefox' says: root 3571 35.4 3.6 1643792 296980 pts/27 Sl+ 22:36 0:07 firefox http://p11-glue.freedesktop.org/p11-kit.html That actually is the 'feature' pointed out by Manuel Hiebel. Concerning the problem originally reported (and I am convinced both are due to the same security problem): Run 'drakconf', Select 'Help' -> 'Release notes' and firefox opens up (after having been closed before that) and 'ps' says: root 4448 24.6 3.3 1357424 266704 pts/27 Sl+ 22:46 0:03 /usr/bin/firefox http://wiki.mageia.org/en/Mageia_4_Release_Notes Works the same way with any other help item in drakconf, either at top-level or inside its sub-pages.
Status: RESOLVED => REOPENEDResolution: OLD => (none)
CC: (none) => mageia, mageia, thierry.vignaud
Thanks Konrad. I can confirm, for both MCC -> Help -> Release notes and for MCC -> <a package> -> Details -> URL Firefox is indeed started as root again. This was fixed before (see https://bugs.mageia.org/show_bug.cgi?id=287 ) Don't know what caused the regression.
CC: (none) => marja11Assignee: bugsquad => thierry.vignaud
Whiteboard: (none) => MGA4TOO
I just guessed it's because of the switch to polkit. I tag this one as a duplicate of the BR where this was identified *** This bug has been marked as a duplicate of bug 18288 ***
Status: REOPENED => RESOLVEDDepends on: (none) => 11125Resolution: (none) => DUPLICATE