greeneg at tolharadys.net
Thu Apr 30 16:34:41 BST 2009
On Thursday 30 April 2009 03:31:24 am Fred Emmott wrote:
> On Thursday 30 April 2009 10:43:28 John Tapsell wrote:
> > Again, could you give an actual example? We are talking about the
> > graphical version only here.
> "kdesu wireshark" is one I frequently use, and would be annoyed at having
> to retype my password.
> I also believe this is the wrong level to ask for a change in default sudo
> behaviour - instead, I'd suggest encouraging distributions/sudo to change
> the default value of timestamp_timeout - this way, the same issue you're
> worried about would also be fixed for terminal sudo users, and overridable
> by people who like the current behaviour.
> This approach:
> a) is already implemented
> b) doesn't require any kdesu changes
> c) doesn't make kdesu act differently to sudo from terminal
I shouldn't need to provide an example, John. What you're asking for tampers
with system policy, not just security.
Any tool that affects security in GNU/Linux has configuration backends for the
very reason that enforcing a set policy in the code doesn't fly for all
administrators, nor use cases. If I so choose as an administrator, I should
be allowed to set the password timeout to nigh on infinite, or turn off
password checking, or anything else that is normal for sudo and expect that
kdesudo honours my choices.
Gary L. Greene, Jr.
Sent from: peorth
08:26:15 up 88 days, 19:40, 10 users, load average: 1.05, 0.85, 0.73
Developer and Project Lead for the AltimatOS open source project
Volunteer Developer for the KDE open source project
See http://www.altimatos.com/ and http://www.kde.org/ for more information
Please avoid sending me Word or PowerPoint attachments.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part.
More information about the kde-core-devel