Stephan Aßmus <superstippi@xxxxxx> wrote: > I don't quite get it. If an ordinary user is supposed to be able to > change the decorator, should he be required to become root in order > to > install it? It's quite simple: you must not allow to run any untrusted add-ons in a piece of trusted software, because that makes the whole thing vulnerable - and that's the same for media add-ons, kernel drivers, etc. The solution would be either to put the decorators into another team per user (ie. the sandbox approach), or by making sure only non- standard users (like root) can install them. > After all, when I switch users, I may want to see my > own window decor, and not that of the other user(s) logged in > concurrently. Which has nothing to do with the security issue. > If the decor affects my own user only, [...] If it runs in the app_server it does not only affect your user account only, that's the point. Bye, Axel.