From kde-commits  Sun Aug 10 20:54:30 2003
From: Volker Krause <volker.krause () rwth-aachen ! de>
Date: Sun, 10 Aug 2003 20:54:30 +0000
To: kde-commits
Subject: Re: kdeutils/klaptopdaemon [POSSIBLY UNSAFE]
X-MARC-Message: https://marc.info/?l=kde-commits&m=106054915921345

On Sunday 10 August 2003 22:50, George Staikos wrote:
> On Sunday 10 August 2003 16:41, Volker Krause wrote:
> > On Sunday 10 August 2003 22:21, George Staikos wrote:
> > >   Don't you need root access for that?  At least this is the case here,
> > > and I thought the last concensus was that root access inside
> > > klaptopdaemon just doesn't work (as seen with the horrible hacks in the
> > > pcmcia related stuff).
> >
> > Yes, same as for ACPI performance states and throttling, that's what the
> > klaptop_acpi_helper is for. This is installed with setuid root for these
> > purposes. This was introduced by Paul Campbell when he added the ACPI
> > support some time ago, I just reused it for CPUFreq.
>
>    This defeats the whole purpose though.  It requires root privileges
> because you don't want users to be able to do this.  Making a suid root app
> allows anyone to do it.  I would have to consider this a security hole in
> KDE.

Sorry, my mistake: It is not installed as setuid root by default, you need to 
set it up the first time by supplying the root password. So, not everyone is 
allowed to change the performance settings by default.

Volker