Ingo Klöcker kloecker at kde.org
Thu Apr 30 20:55:33 BST 2009

On Thursday 30 April 2009, John Tapsell wrote:
> 2009/4/30 Modestas Vainius <modestas at vainius.eu>:
> > Hello,
> >
> > On 2009 m. April 30 d., Thursday 10:52:00 John Tapsell wrote:
> >> Can you give a "user story" for this?  A typical use case?
> >
> > I think you are exaggerating the importance of root on a typical
> > desktop machine. A typical user is not going to use root frequently,
> > so the probability of infecting the system, and infecting it within
> > 15 minutes of the last sudo run, is very small.
> A malicious program simply needs to wait in the background until the
> user has entered the root password.  Then it can elevate its
> privileges to root.  The system doesn't need to be infected during
> the 15 minutes, but at _any_ time previously.

A malicious program simply needs to "replace" kdesudo.

If your user account is owned, then anything you do can (and probably 
will) be controlled and, if possible, used to get root privileges. The 
change you propose for kdesudo might give you a warm fuzzy feeling, but 
this feeling is a false sense of security. It will not increase the 
security of your system by a single bit.

If you don't do so already, then I suggest reading Bruce Schneier's blog
every once in a while.
