Suggestion to Remove KFloppy and hold back K3b

Wolfgang Bauer wbauer at tmo.at
Wed Feb 22 22:20:11 UTC 2017


Am Mittwoch, 22. Februar 2017, 22:01:01 schrieb Martin Gräßlin:
> The attack surface is exactly the same as any other X application. It's
> X itself which will make this exploitable.

Yes, obviously, and that's clear to me too.

I won't comment on the rest, because it's not specific to kfloppy as you write 
yourself.

Just this:
> I answered nevertheless, because I think it's important for all devs to
> understand that connecting to X11 as root means a risk to their users
> and that there is nothing their application can do to protect against
> it.

Ok, fine with me that you wrote that again. And important too, I agree.

Although, I have to say that I somehow felt a bit like being "witch-hunted" 
for even thinking about that.
But let's stop here, I'll try to forget that... ;-)

Kind Regards,
Wolfgang



More information about the release-team mailing list