cockpit-project / cockpit

Cockpit is a web-based graphical interface for servers.
http://www.cockpit-project.org/
GNU Lesser General Public License v2.1
cockpit-desktop: Don't run the browser as root #15862

Open martinpitt opened 3 years ago

martinpitt commented 3 years ago

If cockpit-desktop is invoked as the root user, having a root cockpit desktop inside the browser is fine. But it should not start the browser itself (webkit, firefox, etc.) as root. Instead, detect this and run the browser as an unprivileged user (perhaps adm?) with a temporary home directory.

martinpitt commented 3 years ago

> with a temporary home directory.

For the record, cockpit-desktop has done that from day one. We "just" need to run the browser as a non-root user.
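One way the privilege drop requested in this issue could look, as an added sketch that is not cockpit-desktop's own code and not written by the issue's author. The function names, the `BROWSER_USER` variable and its default account `nobody` are assumptions; `runuser` from util-linux is assumed to be installed.

```shell
#!/bin/sh
# Added example: drop_decision, launch_browser and BROWSER_USER are hypothetical names.

# Decide how the browser must be started. Exit status:
#   0 = caller is root and $2 is a usable unprivileged account: drop to it
#   1 = caller is already unprivileged: no drop needed
#   2 = refuse: $2 does not exist or is itself a uid-0 account
drop_decision() {
    caller_uid=$1
    user=$2
    [ "$caller_uid" -eq 0 ] || return 1
    target_uid=$(id -u "$user" 2>/dev/null) || return 2
    [ "$target_uid" -ne 0 ] || return 2
    return 0
}

# Run "$@" (the browser command line) with a throwaway HOME, switching to
# $BROWSER_USER first when invoked by root.
launch_browser() {
    user=${BROWSER_USER:-nobody}   # assumed default account
    rc=0
    drop_decision "$(id -u)" "$user" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "refusing to start browser: '$user' is not an unprivileged account" >&2
        return 1
    fi
    home=$(mktemp -d) || return 1
    if [ "$rc" -eq 0 ]; then
        # The target account must own its temporary home before it can use it.
        chown "$user" "$home" || { rm -rf "$home"; return 1; }
        # env -i keeps root's environment away from the browser process.
        # Display variables and display authorization for $user are not
        # handled in this sketch.
        runuser -u "$user" -- env -i HOME="$home" PATH=/usr/bin:/bin "$@"
    else
        env HOME="$home" "$@"
    fi
    status=$?
    rm -rf "$home"
    return "$status"
}
```

Failing closed when the target account resolves to uid 0 matters because a misconfigured account name would otherwise leave the browser running as root without any visible error.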