[policykit-kde-agent-1] [Bug 486453] Show more metadata about the initiating process to help people verify what exactly requested authentication
Nate Graham
bugzilla_noreply at kde.org
Fri May 3 21:49:37 BST 2024
https://bugs.kde.org/show_bug.cgi?id=486453
Nate Graham <nate at kde.org> changed:
            What|Removed                     |Added
----------------------------------------------------------------------------
        Keywords|                            |usability
  Ever confirmed|0                           |1
          Status|REPORTED                    |CONFIRMED
         Summary|Admin password dialog seems |Show more metadata about
                |potentially fundamentally   |the initiating process to
                |unsafe and like a           |help people verify what
                |significant downgrade to    |exactly requested
                |e.g. Windows UAC            |authentication
              CC|                            |nate at kde.org
        Severity|normal                      |wishlist
--- Comment #3 from Nate Graham <nate at kde.org> ---
Adding the executable seems like a sensible improvement. PID, maybe... I'm not
sure that means anything to most people, as it would have to be manually
cross-referenced with the app you expect. 99.999999% of people won't do that.
Changing the styling would not help since a rogue app could simply emulate that
style. Requiring a special key combination to be pressed would be disruptive
and annoying. Making the dialog system-modal in the style of UAC and GNOME would
also be disruptive and annoying, and also not actually provide any
additional security.
In the end security is a balance; if it gets in people's way too much, people
find workarounds that remove all security. You don't make a house secure by
putting 12 locks on the front door. Those with heightened security needs should
provide the requisite hardening for themselves.