Suggestion to Remove KFloppy and hold back K3b
Martin Gräßlin
mgraesslin at kde.org
Thu Feb 16 05:28:19 UTC 2017
Am 15. Februar 2017 23:58:50 MEZ schrieb Wolfgang Bauer <wbauer at tmo.at>:
>Am Mittwoch, 15. Februar 2017, 22:21:19 schrieb Martin Gräßlin:
>> Please do not consider starting a GUI application as root a
>possibility.
>
>Ok, but partitionmanager does exactly that. It restarts itself as root
>if run
>as user.
>So that instantly would rule out partionmanager as a proposed
>replacement, I
>suppose.
Yes partition manager should not do that. They are aware of the issue.
>
>But KFloppy is quite a simple application.
>There should not really be a special risk involved running it as root,
>but I
>might be mistaken there.
You are. The danger is Qt and all the other libraries it depends on.
Even xlib and xcb hardly protect against a malicious X server. And we just cannot assume any more that X is running as root.
Cheers
Martin
More information about the release-team
mailing list