Behavior of Application ran from menu?

Since i can’t manage to fix my problem when running graphical tools as root, i would like to know what is the difference between if i run the application as user, or if i run it from the Application menu which prompt me for the root password, and run it as root ?

I know for example that Firefox run as sandboxed but does not prompt for root password, running Burpsuite from menu though prompt root password and in the title bar it was written sandboxed when it worked.

I mean running as root applications that might not need it is bad, so why all the security applications in menu ask for the password ? And i checked its not just a security measure, the tool really launch as root, even with CLI tools.

Rule of thumb: If an application makes changes to your SYSTEM than it must be run as root. Some applications are " exotic" and should never be ran as root as the changes they make (at root level) are not really what you want. Tor Browser and Wireshark are two examples.

Due to the nature of such programs it is undesirable . Think about “counterattacks” or stepping into a honeypot or malicious code coming in through your Tor Browser for example.

When you see " as root" (oor superuser in Ubuntu) in the top of Firefox it means it is sandboxed by firejail, that’s it. It doesn’t necessarily run at root level. (correct me if I’m wrong)

1 Like

Thanks, i knew about that, but then why is the menu applications made to run for example Burpsuite as root, even though i can launch it as user, or even worse Owasp-mantra-ff, which is a browser ?

I think that has to do with the full set of features that comes with such applications. Something like as root you can do everything and as user only so much…
User for snooping around and root for actually doing things. I know this is valid with Zaproxy. And Burpsuite is a similar application.

1 Like

I see thanks, i thought most applications did not need root, i will still wait for a dev’s answer though for why tools like owasp mantra run as root because it’s quite dangerous.

It has to run as root. User doesn’t have he right permissions. :wink:

1 Like

the label in the title bar states as root or sandboxed because i wasn’t able to find a practical way to distinguish processes running as root from those running unprivileged inside the sandbox, because they appear as root processes for the system in both the cases

applications like firefox, geany, pluma or libreoffice run inside a sandbox, and no password is asked to run sandboxed processes

security tools like burpsuite, zaproxy, armitage or zenmap are run as root (unsandboxed) and the password is asked to elevate the privileges of that particular process as it needs to be run as root

this is the official answer to your question and it is the full description of what happens in the system

your misunderstanding was just caused by the fact that both sandboxed and privileged processes will have the same label in the title bar because the sandbox engine itself is a suid process running as root, because it needs to build a little virtualized environment for the unprivileged process

2 Likes

Security tools are running by menuexecg command, which is requiring and providing root permission. If you are running from menu, you can edit “running command” in “edit menu” and delete menuexecg. If you are running from your terminal, your tools should be run as root user or sandbox.

1 Like