D12795: Re-allow running Dolphin as the root user (but still not using sudo)
Martin Flöser
noreply at phabricator.kde.org
Sun May 20 20:39:50 BST 2018
graesslin added a comment.
In D12795#265628 <https://phabricator.kde.org/D12795#265628>, @markg wrote:
> In D12795#265616 <https://phabricator.kde.org/D12795#265616>, @graesslin wrote:
>
> > > You would also have to run a malicious application which is quite unlikely if you stick to vendor packages (but sure, there probably is a very small chance that a malicious package lands in the dist repository).
> >
> > nope, sorry. The exploit I wrote would work through a drive-by download through an Internet browser. The world we live in sucks :-(
>
>
> You've just completely ignored my valid use cases (which you asked for some comments earlier).

Nope. I haven't asked for use cases. I read them and I don't think they are reason enough to change it. Sorry :-)

> Sure, drive-by-downloads is then an issue.. That is completely unrelated to this issue. It has nothing to do with Dolphin.
> It is "one of the steps" needed to potentially exploit the system. But this requires stupid users who click on everything apparently. I personally never trust downloads from those drive-by pages unless I'm expecting the page to give me a download.

The whole idea of drive-by downloads is to make them happen without the user noticing. So please no victim blaming.

REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12795
To: ngraham, markg, elvisangelaccio, #dolphin
Cc: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, spoorun, navarromorales, isidorov, firef, andrebarros