Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)
Martin Konold
martin.konold at erfrakon.de
Sat Dec 6 16:58:18 GMT 2003
Hi,
> > > it is the easiest solution since you really don't want to have a
> > > suid-root kwalletd.
> >
> > Why not?
Many good reason why to avoid suid binaries in KDE.
> > Suid-root is not bad security wise in every usage case.
>
> suid is always a security nightmare.
Well, the need for suid is a result of limitations of the traditional unix
security model. If you dont want to extend in (e.g. capabilities) your are
bound to its limitations.
On the other hand it might be a good idea to factor our the core parts which
to a simple, maybe even plain c non GUI daemon.
In general the approach used for gpg and its KDE integration should be
definetly secure enough.
Regards,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de
More information about the kde-core-devel
mailing list