D12795: Re-allow running Dolphin as the root user (but still not using sudo)
Luigi Toscano
noreply at phabricator.kde.org
Wed Dec 19 09:19:59 GMT 2018
ltoscano added a comment.
In D12795#371044 <https://phabricator.kde.org/D12795#371044>, @firef wrote:
> "Prohibiting the use of Dolphin as the actual root user (not using sudo or kdesu) breaks legitimate use cases for using the root user. "
>
> This means that the original prohibition caused great harm to the KDE community and was a grave mistake.
>
> The claim by the old error message: "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities."
>
> was obviously a lie, since it **is** going to be possible again.
>
> **What did KDE users do to deserve being lied to ?**
I disagree that this is a lie.
Dolphin can be run as root now to cover the use case of running an entire environment as root (which is not what security experts would be happy about).
You can say that this change should have been implemented only after implementing the support for policykit in dolphin; sure, I can agree with that.
But the security problem is still there and it's not a lie. It's just hidden under the carpet and ignored, until something bad happens. No lies here.
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12795
To: ngraham, markg, elvisangelaccio, #dolphin
Cc: ltoscano, firef, chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, alexde, sourabhboss, feverfew, spoorun, navarromorales, andrebarros, mikesomov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20181219/c934f0f0/attachment.htm>
More information about the kfm-devel
mailing list