D12732: Implement a more user-friendly run-as-root-or-sudo behavior
Mark Gaiser
noreply at phabricator.kde.org
Tue May 8 23:43:39 BST 2018
markg added a comment.
In D12732#259773 <https://phabricator.kde.org/D12732#259773>, @nicolasfella wrote:
> AFAIU the exploit works like this:
>
> A user has a normal, non-root session running which is infected with a malicious program. The program now waits until the user is running 'sudo dolphin' and now can use the exploit to gain elevated privileges.
>
> If the user is running as root anyway there is no additional harm, because most likely the malicious program will have root privileges anyway.
Which is not that often for Dolphin, but is much more likely for Konsole.
How to guard that, a terminal emulator by nature!
I don't think you can... (don't bring up Wayland.. we're still in an X11 era whether you want it or not).
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12732
To: ngraham, #dolphin, graesslin
Cc: emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg