D12795: Re-allow running Dolphin as the root user (but still not using sudo)

[Martin Flöser]

graesslin added a comment.


  In D12795#265628 <https://phabricator.kde.org/D12795#265628>, @markg wrote:
  
  > In D12795#265616 <https://phabricator.kde.org/D12795#265616>, @graesslin wrote:
  >
  > > > You would also have to run a malicious application which is quite unlikely if you stick to vendor packages (but sure, there probably is a very small chance that a malicious package lands in the dist repository).
  > >
  > > nope, sorry. The exploit I wrote would work through a drive-by download through an Internet browser. The world we live in sucks :-(
  >
  >
  > You've just completely ignored my valid use cases (which you asked for some comments earlier).
  
  
  Nope. I haven't asked for use cases. I read them and I don't think they are reason enough to change it. Sorry :-)
  
  > Sure, drive-by-downloads is then an issue.. That is completely unrelated to this issue. It has nothing to do with Dolphin.
  >  It is "one of the steps" needed to potentially exploit the system. But this requires stupid users who click on everything apparently. I personally never trust downloads from those drive-by pages unless i'm expecting the page to give me a download.
  
  The whole idea of drive-by downloads is to make them happen without the user noticing. So please no victim blaming.

REPOSITORY
  R318 Dolphin

REVISION DETAIL
  https://phabricator.kde.org/D12795

To: ngraham, markg, elvisangelaccio, #dolphin
Cc: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, spoorun, navarromorales, isidorov, firef, andrebarros
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20180520/f07a2deb/attachment.htm>