D12732: Show a warning when running as the root user
Elvis Angelaccio
noreply at phabricator.kde.org
Fri Jun 1 22:31:59 BST 2018
elvisangelaccio accepted this revision as: elvisangelaccio.
elvisangelaccio added a comment.
In D12732#259772 <https://phabricator.kde.org/D12732#259772>, @markg wrote:
> Please do enlighten us with "all sort of problems" as I know none.
`sudo dolphin` is just unusable due to broken style (you have to use `kdesu`). Also there were a couple of root-only bugs (e.g. random klauncher files created in the `/` folder), but it might be they have been fixed.
> I was looking over the exploit code and thought the same. Any app with a terminal would have this "potential issue".
Yes. That's why Kate was also patched.
> But when can this issue be abused?
> I can only think of one hypothetical case. A multi-seat environment where one of the seats is running as root where a non-root seat could then exploit that root seat. I say hypothetical because I have no idea if that really works.
> But even if it would work, I'd be willing to bet that the vast majority of KDE installations is single-seat only. One computer with one KDE session. Even many of those installed in corporate environments likely have a single desktop per seat.
> For what is this protection then?
REPOSITORY
R318 Dolphin
BRANCH
more-user-friendly-sudo-and-root-usage-behavior (branched from master)
REVISION DETAIL
https://phabricator.kde.org/D12732
To: ngraham, #dolphin, markg, elvisangelaccio
Cc: acooligan, anthonyfieroni, chinmoyr, kfm-devel, rikmills, emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg, spoorun, navarromorales, isidorov, firef, andrebarros