D12795: Re-allow running Dolphin as the root user (but still not using sudo)
Mark Gaiser
noreply at phabricator.kde.org
Sun May 20 20:33:10 BST 2018
markg added a comment.
In D12795#265616 <https://phabricator.kde.org/D12795#265616>, @graesslin wrote:
> > You would also have to run a malicious application which is quite unlikely if you stick to vendor packages (but sure, there probably is a very small chance that a malicious package lands in the dist repository).
>
> nope, sorry. The exploit I wrote would work through a drive-by download through an Internet browser. The world we live in sucks :-(
You've just completely ignored my valid use cases (which you asked for some comments earlier).
Sure, drive-by-downloads is then an issue.. That is completely unrelated to this issue. It has nothing to do with Dolphin.
It is "one of the steps" needed to potentially exploit the system. But this requires stupid users who click on everything apparently. I personally never trust downloads from those drive-by pages unless i'm expecting the page to give me a download.
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12795
To: ngraham, markg, elvisangelaccio, #dolphin
Cc: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, spoorun, navarromorales, isidorov, firef, andrebarros
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20180520/92c7b686/attachment.htm>
More information about the kfm-devel
mailing list