[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: Re: kdeutils/klaptopdaemon [POSSIBLY UNSAFE]
From: George Staikos <staikos () kde ! org>
Date: 2003-08-16 15:48:44
[Download RAW message or body]
On Sunday 10 August 2003 16:54, Volker Krause wrote:
> > This defeats the whole purpose though. It requires root privileges
> > because you don't want users to be able to do this. Making a suid root
> > app allows anyone to do it. I would have to consider this a security
> > hole in KDE.
>
> Sorry, my mistake: It is not installed as setuid root by default, you need
> to set it up the first time by supplying the root password. So, not
> everyone is allowed to change the performance settings by default.
Unfortunately it requires the user to enter an all-or-none situation, where
either everyone who uses the machine can do those things, or no-one except
root can. It's not an ideal solution. Maybe an access list should be
written to /etc with the UIDs that are allowed access.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic