-
-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firejail/Flatpak applications display "as superuser" on window title #301
Comments
It's up to them to solve this, MATE apps know nothing about Firejail or Flatpak. |
For the record: This is probably a result of PID namespaces, and the effect should be observable with many sandboxing tools (firejail, bubblewrap, flatpack, ...) The PID from inside the sandbox, often a single digit number, is used to set _NET_WM_PID, and then probably the window manager checks outside the sandbox if this _NET_WM_PID belongs to the superuser (which it usually does). |
I'd suggest you use the XResource extension to query the LOCAL_CLIENT_PID value for the window from the X server rather than trust _NET_WM_PID which may be faked or running inside a different pid namespace. @monsta don't know if you want to reopen given the last couple of comments ? |
(I got linked to here from a KDE bug report with a similar problem) That's not a terrible idea, but blindly switching will break just as many places as it fixes. |
shouldnt matter unless one of the separate processes runs as root right? |
I wonder if this issue is related to why some of the flatpaks don't fit in with the DE I am using. Kinda like if I were actually running them as root. |
It is not useful, and some window managers misinterpret it and add some "runs as root" indication to the window decoration. See mate-desktop/marco#301
It is not useful, and some window managers misinterpret it and add some "runs as root" indication to the window decoration. See mate-desktop/marco#301
The bug is still present on |
I have tried LOCAL_CLIENT_PID This does not work either for sandboxed applications. |
Still a problem for me on Mint 19.3 with Flatpak apps. |
Same issue on Linux Mint 20 Mate with Flatpak applications. |
4 years have passed and the issue still exists. I just tried telegram with Mint Mate 20 and the taskbar title says "(as super user)" without "telegram" word at all. Will it be fixed one day? |
This bug does not present on any other DE or Wayland compositor, so I think it is up to Marco to fix it. |
I too am having this problem. In my case I have a flatpak version of KeePassXC which opens with superuser in the titlebar. I am concerned with this as KeePassXC has access to the internet. This only happens on the Mate desktop. It does not happen for example on XFCE. |
Maybe the issue is app-dependent? I see it on Slack and Zoom. MATE 1.26.0, Gtk 3.24.31. |
I can confirm this weird behavior with com.jetbrains.IntelliJ-IDEA-Community.
|
Same with org.nmap.Zenmap
So it isn't nice but not really a security problem. |
Confirmed, the issue doesn't exists when using metacity WM in Mate session. |
Interesting... |
btw if you are really bothered by this you can remove the "(as superuser)" altogether (even for root processes!) like so: |
The code section there makes it look like it might be simple to add a check for Firejail and/or Flatpak. |
Can you see if #742 (just merged) fixes this? If so it can be closed |
It doesn't seem to fix the issue for flatpaks |
The fix is here (merged) #741 |
Opps 741 needs to be merged. I will do that later. |
now it is merged :) |
@raveit65, @CuBeRJAN I've compiled Marco from source (commit |
Hello, Vorta Flatpak runs as "superuser". Any suggestion on what i should or shouldn't do would be appreciated. Or am i in wrong place? Our distro package Vorta version 0.8.3-1 is messed up too, reason i went to flatpak, should i find different backup software? |
Still present in Linux Mint 21.3 MATE. Fresh system install with first time online updates. All Flatpak apps that are launched from user account, has "as superuser" in title. Problem persists also after built-in flatpak 1.12.7 replacing to 1.14.6 from Flatpak PPA. |
Same (still present) on Ubuntu 24.04 with ubuntu-mate-desktop installed. |
Same on Ubuntu 22.04 with mate-desktop installed. Microsoft dropped the support for skype deb package... so it's a shame that after many years the bug is still present. |
Applications launched under Firejail and Flatpak include "(as superuser)" in their window's title even though they're not actually being ran as root.
More information from Firejail's issues tracker: (as superuser) in title bar.
Debian stretch, marco 1.16.0, firejail 0.9.44.2, flatpak 0.6.14.
The text was updated successfully, but these errors were encountered: