Security Concern

James Richard Tyrer tyrerj at acm.org
Fri Mar 6 23:03:56 GMT 2009


Nathan England wrote:
> Hello Hello,
> 
> I realize this is bad form, but regardless it works. I have my user
> set up as part of the wheel group, so sudo automatically elevates me
> when I use it. I have several files that I will access and make
> changes to with my root user, and occasionally I use kwrite as my
> user running under sudo to access those files as well.
> 
> I decided to create a shortcut on my desktop, so I clicked the kmenu,
> typed in kwrite and then right clicked it and selected 'add to panel'.
> It did so, then I edited the icon settings and changed it to execute
> 'sudo kwrite'
> 
> It all works well, but when I tried to open kwrite, NOT from my panel
> shortcut which opens sudo kwrite, but from the kmenu I found it had
> edited my short cuts globally and it always opens kwrite in sudo
> mode...
> 
> Is this to be expected, or is this a bug as the system is not
> creating a "new" shortcut but rather a pointer to the real one????
> 
> Any thoughts, besides how stupid I may be for doing it this way...;-)
> 
> 
I doubt that it matters if this was a wise thing to do.  It should work
and it doesn't.

First, you found a bug.  Since the icon on the Panel was only a link, 
you should not have been able to open the properties and edit it.  Being 
able to do so will only cause problems.  So that is a simple bug and it 
should be reported.

Some history.  In KDE-3, you will find that you can put either a link or 
an actual 'desktop' file on the panel depending on how you do it.  If 
you add from the menu, you will get a link but if you drag 'n' drop, you 
get an actual 'desktop' file.  An issue with this was that when the 
icons were removed from the panel, they were not deleted from the 
directory: $HOME/.kde/share/apps/kicker/

This "design" feature appears to have occurred by accident and was one 
of the things in Kicker that needed fixing.  IMHO, the proper fix was to 
always have an actual 'desktop' file and never use a link.  This was not 
what was done, so, we have not just a bug but a serious design issue as 
well.

-- 
JRT

Linux (mostly) From Scratch

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.



