D12732: Implement a more user-friendly run-as-root-or-sudo behavior

Mark Gaiser noreply at phabricator.kde.org
Wed May 9 13:42:39 BST 2018


markg added a comment.


  I missed this reply so responding on it now.
  
  In D12732#259309 <https://phabricator.kde.org/D12732#259309>, @elvisangelaccio wrote:
  
  > I don't think this is a good idea. There is a reason we have that check there, and it must be the very first thing done in `main()`. Showing a fancy warning message in the dolphin view would be too late (see Martin's exploit <https://cgit.kde.org/scratch/graesslin/exploit-dophin-root-x11.git/tree/exploit.cpp>).
  
  
  The "reason" you mention (I've read the exploit code and mails around it) can hardly be called a reason. Yes, it is possible...
  But then nothing with a terminal in an X11 GUI is safe. Also, Linux has been doing just fine for decades with X11 with this "exploit" lying there like forever.
  Sure, there might be "a" potential risk, but it's darn freaking small!
  A user would have to install a malicious application which is already quite unlikely if the user installs packages from the distribution package manager.
  How often do we - as developers! - even install packages from outside our distribution package manager? We are more at risk than the average Linux user and I dare say that even we have near 0 risk.
  
  Really, what is the risk for the user here? 0.00000001%?
  Some risk is imho acceptable. I'd call this one acceptable.
  
  > I know the current situation is not ideal (given that kio is not polkit-ready yet - we are almost there though!). But we shouldn't leave the door open to a clear vulnerability that could affect every dolphin user.
  > 
  > What we //can// do is a build-time switch in cmake, so that if someone (or some distro) wants to remove the root check, they can easily do so without patching the code.
  
  I cannot believe you even suggest such a solution.
  
  Sorry for being so heavily against this, but you have security with real threats (those need to be fixed) and you have security paranoia. This issue in my opinion falls in the latter category.
  If you absolutely must fix it then just tear out that embedded konsole. It's a neat feature but I value dolphin as root much more than an embedded konsole (do a Google search for dolphin as root and be stunned by the sheer number of people asking how to run it as root as it isn't possible now anymore).

REPOSITORY
  R318 Dolphin

REVISION DETAIL
  https://phabricator.kde.org/D12732

To: ngraham, #dolphin, graesslin
Cc: kfm-devel, rikmills, emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg, spoorun, navarromorales, isidorov, firef, andrebarros