[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    Bug#14253: kmail html security bug
From:       Malte.Starostik () t-online ! de (Malte Starostik)
Date:       2000-11-01 11:00:06
[Download RAW message or body]

Am Mittwoch,  1. November 2000 11:33 schrieb Andreas Pour:
> Tilo Ulbrich wrote:
> > Am Dienstag, 31. Oktober 2000 21:27 schrieb Daniel Naber:
> > > > On Tuesday 31 October 2000 20:34, TiloUlbrich@web.de wrote:
> > > > So it is possible to exec programms which needn't arguments. E.g
> > > > "/sbin/halt" if I work with "root" were big shit.
> > >
> > > Nobody is supposed to run KDE as root.
>
> I truly don't understand this.  If that is so, why is there a kfm-su in
> kde 1.1.x?  And why is there kdesu? 
So that it's easy for users to do particular tasks as root without being 
tempted to run the whole desktop as root.

> And why are there control modules that only work as root?
>
> I understand that users should not run their entire session as root.
> But doesn't root get mail?  And how are ex-windowites to read mail w/out
> KMail -- they should learn to use mutt?  Why have KMail if you can't use
> it to read mail securely?
You should never read root's mail as root with any client, that's what 
/etc/aliases is for.

A mail client is definately the last thing (maybe except from a browser :) 
I'd run with superuser privilegues.

Sorry if this sounds a bit rude, that was not intended, just lacking time and 
better words now.
-Malte

[prev in list] [next in list] [prev in thread] [next in thread]