D12795: Re-allow running Dolphin as the root user (but still not using sudo)
    Nathaniel Graham 
    noreply at phabricator.kde.org
       
    Thu May 17 23:02:44 BST 2018
    
    
  
ngraham added a reviewer: Dolphin.
ngraham added a comment.
  @elvisangelaccio? Anyone else?
  
  I feel like Linus Torvalds' explanation regarding security hardening not regressing the user experience is very important to keep in mind here: https://lkml.org/lkml/2017/11/21/356:
  
  > [...] from a _user_ standpoint, it's something else altogether. For a user, pretty much EVERY SINGLE TIME, it wasn't actually a security attack at all, it was just a latent bug that got exposed. And the keyword here is that it was _latent_, and things used to work, and the hardening patch did something - probably fairly drastic - to turn it from "dangerous" to "benign" from a security perspective.
  > 
  > So from a user standpoint, the hardening was just a big nasty annoyance, and probably made their workflow _break_, without actually helping their case at all, because they never really saw the original bug as a problem to begin with.
  > 
  > [...]
  > 
  > when adding hardening features, you as a security person should always see that hardening to be the _endpoint_, but not the immediate goal. When adding hardening features, the first step should *ALWAYS* be "just report it". Not killing things, not even stopping the access. Report it. Nothing else.
  > 
  > "Do no harm" should be your mantra for any new hardening work. And that "do no harm" may feel antithetical to the whole point. You go "but that doesn't work - then the bug still exists".
  > 
  > But remember - keep your eye on the endpoint, and that this is just the first step. You need to not piss off users, and you need to not piss off developers. Because if you as a security person just piss off users, and piss off developers, I'm not going to take your work, and I'm going to call you a bad security person.
  > 
  > Because in the end, those users really do matter. Without those users, your system may be "secure", but all your security work was still just masturbation. You didn't do anything useful at all in the end.
  
  This patch refines the security check and un-breaks a legitimate use case that we broke over a year ago (causing much user anger and pushing some to use a different file manager). I'd like to get it in if there are no objections.
REPOSITORY
  R318 Dolphin
REVISION DETAIL
  https://phabricator.kde.org/D12795
To: ngraham, markg, elvisangelaccio, #dolphin
Cc: elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, spoorun, navarromorales, isidorov, firef, andrebarros