List:       kde-bugs-dist
Subject:    Bug#14253: kmail html security bug
From:       Andreas Gungl <Andreas.Gungl () osp-dd ! de>
Date:       2000-11-01 12:29:10

Andreas Pour wrote:
> 
> Tilo Ulbrich wrote:
> >
> > On Tuesday, 31 October 2000 21:27, Daniel Naber wrote:
> >
> > > > On Tuesday 31 October 2000 20:34, TiloUlbrich@web.de wrote:
> > > > So it is possible to exec programs which needn't arguments. E.g.
> > > > "/sbin/halt" if I work with "root" were big shit.
> > >
> > > Nobody is supposed to run KDE as root.
> 
> I truly don't understand this.  If that is so, why is there a kfm-su in
> kde 1.1.x?  And why is there kdesu?  And why are there control modules
> that only work as root?
> 
> I understand that users should not run their entire session as root.
> But doesn't root get mail?  And how are ex-windowites to read mail w/out
> KMail -- they should learn to use mutt?  Why have KMail if you can't use
> it to read mail securely?
> 
> I'm sorry, but that answer is a cop-out.  KMail will hopefully be fixed
> to not execute scripts; in fact there was a long discussion about this
> some months ago and I thought it had been fixed.

AFAIK the discussion was about executing attachments without any
warning. This is fixed.

All other things have already been said by others. ;-)

Andreas
 
> [ ... ]
> 
> Ciao,
> 
> Andreas Pour
