GitLab

Three years ago, dolphin was prevented from being run with sudo or as the root user in 0bdd8e0b. The justification was to protect users from a security threat described in utilities/kate@9adcebd3.

Since then, we have received a large number of user complaints. We have always told them the same thing: that they won't need to run dolphin with sudo anyway once PolKit support for KIO is merged, as it was for Kate.

Unfortunately PolKit in KIO never got merged. It remains stuck, three years later. See frameworks/kio!143 for the latest status. So we are in the situation where we took away a feature before its replacement was ready, and then we repeatedly promised that the replacement would be ready soon, and it never was.

This represents a severe breach of trust for our users. I know that running Dolphin with sudo is not something anybody recommends, but taking away the feature before its replacement was ready using the justification that we were protecting users from themselves is something that I can totally understand people being upset about. Deleting the threatened feature is not an appropriate way to resolve a security threat. Linus Torvalds feels similarly: https://lkml.org/lkml/2017/11/21/356

Accordingly, this reverts the commit to disallow running Dolphin with sudo. Once PolKit in kio is merged, we can revert this commit and dis-allow it again before its replacement is actually released and available.

This only applies to X; on Wayland all GUI apps are already unconditionally prevented from running as the root user at the compositor level.