<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Aug 7, 2015 at 4:34 PM, Rainer Müller <span dir="ltr"><<a href="mailto:raimue@macports.org" target="_blank">raimue@macports.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":1rt" class="a3s" style="overflow:hidden">I mean, most users already run the port command as root. Any security<br>
vulnerability that can be exploited in the GUI would most probably also be<br>
exploitable from the command line when running with 'sudo port'. Or what kind of<br>
vulnerability do you have in mind?</div></blockquote></div><br>GUIs have a lot of moving parts and correspondingly higher attack surface, including potential control of all other GUI applications; something run in a terminal can't easily exploit the window system (especially with environment sanitization so $XAUTHORITY and $WINDOWID etc. aren't visible from X11 terminals, etc.). This is why many Linux/X11 programs issue warnings if they discover they are running as root (see for example wireshark).<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>brandon s allbery kf8nh sine nomine associates</div><div><a href="mailto:allbery.b@gmail.com" target="_blank">allbery.b@gmail.com</a> <a href="mailto:ballbery@sinenomine.net" target="_blank">ballbery@sinenomine.net</a></div><div>unix, openafs, kerberos, infrastructure, xmonad <a href="http://sinenomine.net" target="_blank">http://sinenomine.net</a></div></div></div>
</div></div>