D12732: Implement a more user-friendly run-as-root-or-sudo behavior
Martin Flöser
noreply at phabricator.kde.org
Sun May 20 18:27:48 BST 2018
graesslin added a comment.
In D12732#265450 <https://phabricator.kde.org/D12732#265450>, @graesslin wrote:
> What you can do instead is starting a KMessageBox through an external process which drops back to the normal user. There inform the user about the risks, maybe with a link to a dedicated page on kde.org where we explain the attack on Dolphin through running as root. From within the message box one could provide a way to launch dolphin nevertheless as root (e.g. env variable I_KNOW_THAT_ROOT_CAN_BREAK_ME=1).
env variable doesn't work. A malicious program running as user could write it into the env variables loaded at startup. What could work is using a command line argument. Of course without QCommandLineParser.
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12732
To: ngraham, #dolphin, graesslin
Cc: anthonyfieroni, chinmoyr, kfm-devel, rikmills, emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg, spoorun, navarromorales, isidorov, firef, andrebarros
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20180520/3a3192e7/attachment.htm>
More information about the kfm-devel
mailing list