[Github-comments] [geany/geany] Domain socket error: Not working via sudo is a geany bug, not a feature or bug in sudo (#1150)
elextr
notifications at xxxxx
Sun Sep 18 03:12:52 UTC 2016
For the information of people who read this issue in the future.
It is mentioned above that some developers won't use Geany as root because of the risks. But it was not explained what the risk is.
The risk is because, as Geany is an IDE, it has the capability to run random commands, and as it has a plugin interface, it can run random code. If a root instance of Geany was to use the user configuration it could run, as root, commands or code installed as user. This could be any rubbish a user was experimenting with, or it could be malicious code installed with user privileges. Running user code as root is an archetypal privilege escalation attack.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/issues/1150#issuecomment-247822120
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.geany.org/pipermail/github-comments/attachments/20160917/e275d2a4/attachment.html>
More information about the Github-comments
mailing list