Some security concerns about this widget/app


I have installed this widget from the source in GitHub. It is in AUR as well. To my un-experienced eyes, it seems to run as root. That is why I am getting a bit concerned about the security of my installation. Please, if you have used or know something about it, share your experince and thoughts with me. I’ll greatly apreciate it.

I would say that any changes to the CPU’s frequency would require root access, so it makes sense that it’s running as such. It does mention it in the repo as well. It explains why it needs root access here:

That doesn’t mean there’s anything nefarious going on, just at least there seems to be a plausible explanation at face value. Would need a code review to be certain of course.


Yes, this is what I thought as well. It must have root access to make those kind of changes.

No, hopefully not.

Unfortunately that’s where I stop short. I have tried to make sense of some stuff from the files provided at GitHub but lacking the needed knowledge, it all seems to me to be written in cuneiform :sweat_smile:

1 Like

There’s not much going on. It elevates a simple bash script to be run as root [1].



Thank you so much for having taken your time to look at those files!

Good to know that nothing shady is going on.

It is actually a handy widget to control CPU/GPU frequencies from the panel. And it looks good as well. Then basing myself on your review, I’ll keep it.

Thanks again!

1 Like

The author prefers convenience and doesn’t want to ask for a password all the time, which seems reasonable esp. for a widget. I checked the widget out in the past myself, but because I don’t change CPU settings regularly I settled on (also in AUR).

Disclaimer: Everything looks OK today.


That is the one I used too before stumbling upon pstat-plasma. And it worked well.

Hope it stays like that tomorrow as well!

Thanks for your response @Schlaefer! I appreciate it.

1 Like