D12732: Implement a more user-friendly run-as-root-or-sudo behavior
Elvis Angelaccio
noreply at phabricator.kde.org
Mon May 7 20:37:42 BST 2018
elvisangelaccio added a comment.
I don't think this is a good idea. There is a reason we have that check there, and it must be the very first thing done in `main()`. Showing a fancy warning message in the dolphin view would be too late (see Martin's exploit <https://cgit.kde.org/scratch/graesslin/exploit-dophin-root-x11.git/tree/exploit.cpp>).
I know the current situation is not ideal (given that kio is not polkit-ready yet - we are almost there though!). But we shouldn't leave the door open to a clear vulnerability that could affect every dolphin user.
What we //can// do is a build-time switch in cmake, so that if someone (or some distro) wants to remove the root check, they can do easily do so without patching the code.
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12732
To: ngraham, #dolphin
Cc: elvisangelaccio, Fuchs, mmustac, markg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20180507/9a1999eb/attachment.htm>
More information about the kfm-devel
mailing list