site
contact
newsElectron ignores suid on binaries
Oh <insert expletive here>!
Balena Etcher is an Electron-based app. I posted that have removed it from the AppImage Installer:
https://bkhome.org/news/202306/goodbye-balena-etcher-appimage.html
However, still experimenting with it, some error messages on the terminal at startup. Then I made an awful discovery:
https://github.com/electron/electron/issues/18521
I am developing a strong dislike of sandboxed apps. Flatpaks, Electron, they are doing it, and making life difficult. I'm feeling that the whole approach of individual sandboxes is fundamentally wrong.
Anyway, in the case of Etcher, a binary such as /usr/bin/sudo, with setuid bit set, is not run as root. Instead it is run as user "etcher". Which defeats the whole purpose of sudo. Or, in the case of EasyOS, the binary is 'sudo-sh'.
The sandbox developer is overriding what distro developers want.
So, I'm annoyed. Extra annoyed because "--no-setuid-sandbox" is
also ignored.
Tags: easy