Don't run as root, you're a disaster waiting to happen.
In a certain way, yes: indeed, I'm not exempt from forgetting code that would (conditionally) bypass the security layer during development, and that I'll forget to remove in the release
. And without help or leads from some other people, I am unable to find such a code - by myself - to bypass the xdg-open's security.
If your program needs a specific right over and above those held by ordinary users, then you should be using POSIX capabilities.
I am 'root' in development only. I always test afterwards, regularly, the software as 'user01'.
Now, it's sure that the POSIX software layer which ensures the security, is clearly more aware than me, of the vulnerabilities that may exist, and is more consistent with its constant 'proprietary' + 'group' + 'others' strategy rights flags, to apply to the program when it is installed. In fact, I follow a "everything must be embedded with or near the binary" installation strategy, thanks to AppImage. It's my assumption, that hard disk space is no more
the limiting factor, for a client GUI application.
And while gdb has problems debugging that, gdbserver works perfectly well except - as I noted earlier - when trying to run something with a shebang (see PascalDragon's comments for the probable reason).
That's good to know. I would switch from fpDebug to gdbServer temporarily in the future, when I'll suspect a specific right problem.
Thank you - all - for your contributions. I close this thread, concerning me.