Suggestion to Remove KFloppy and hold back K3b
Martin Gräßlin
privat at martin-graesslin.com
Thu Feb 23 06:10:28 UTC 2017
Am 2017-02-22 23:20, schrieb Wolfgang Bauer:
> Am Mittwoch, 22. Februar 2017, 22:01:01 schrieb Martin Gräßlin:
>> The attack surface is exactly the same as any other X application.
>> It's
>> X itself which will make this exploitable.
>
> Yes, obviously, and that's clear to me too.
>
> I won't comment on the rest, because it's not specific to kfloppy as
> you write
> yourself.
>
> Just this:
>> I answered nevertheless, because I think it's important for all devs
>> to
>> understand that connecting to X11 as root means a risk to their users
>> and that there is nothing their application can do to protect against
>> it.
>
> Ok, fine with me that you wrote that again. And important too, I agree.
>
> Although, I have to say that I somehow felt a bit like being
> "witch-hunted"
> for even thinking about that.
> But let's stop here, I'll try to forget that... ;-)
>
> Kind Regards,
> Wolfgang
More information about the release-team
mailing list