I run Debian 13 with MATE. I recently switched from the distro release to the flatpak version of FreeCAD, as the distro release is of course a few versions behind. Bear with me, as I am very new to using Flatpak or anything other than normal apt packages.
I just noticed that FreeCAD announces it is running as super user in the window title bar.
The interesting part is it doesn't ask for privilege escalation with password entry when I launch it.
Seeing as FreeCAD never ran as SU with the distro release installed via apt, and I don't think the program does anything that really needs SU... As much as I trust FreeCAD, this seems like a security hole I'd rather not have.
Is the Flatpak version running inside it's own "box" and it isn't getting SU permissions across my whole system? Or what am I missing here.
Even if sandboxed, why would it need su permissions?
Good question and without looking closer or verifying I'd guess it actually doesn't.
Usually such things happen because at some point someone had an issue with accessing a hardware device or something and this became the "fix" perhaps because udev was confusing.
If someone cares enough about it, tidying up loose flatpak packaging ends like that is often appreciated and a great way to contribute.
I wonder where it was installed from (flathub?) and whether it has something to do with the linux version. Since at least two of us don't see a superuser notification (turdas and me) but we are both on Fedora.
Yes I installed it from Flathub. IanTwenty's comment says it is a longstanding bug with the MATE environment I am using, where flatpak's running as a sandboxes process user ID show up as SU in the title bar when they actually aren't.
Thanks, that makes sense. All good I guess.
Well, but Flatpak also has the rule to not break anything by default.
And they call things like changing filesystem=host to the specific directories (home, run, mnt) "security theatre" and prefer waiting forever for legacy apps to magically fix it