[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdesu in KRASH
From:       David Faure <faure () kde ! org>
Date:       1999-09-22 20:39:06
[Download RAW message or body]

On Wed, Sep 22, 1999 at 08:00:22PM +0200, Geert Jansen wrote:
> Hiya,
> 
> I'd like to advocate for inclusion of kdesu in the KRASH release.
> 
> KDE su features:
> 
>     * graphical password dialog
>     * automatic X authentication
>     * (rather) secure password keeping
> 
> It is currently tested on:
> 
>     * Linux (w & w/o glibc 2.1, PAM, unix98 pty's)
>     * Solaris 7 (intel)
>   
> Different scenarios are possible:
> 
> 1) All the way.
> KDE su gets included in kdebase and all things requiring root priviliges
> (kdm setup, kfm su, kvt su, ...) are called through kdesu.
> 
> 2) Not all the way.
> KDE su in kdeuitls. It installs a new kfm su and kvt su .desktop entry.
> 
> IMHO 1) would be the best because we're making a graphical desktop here
> and KDE su fits into this phylosophy.
> 
> KDE su can be found in kdenonbeta. If the password keeping feature worries 
> people, we could disable it by default. 
> 
> Please comment!

Oh yes I love that.
I really didn't want to reimplement kfmsu & kfmsu2 in konqueror.
I vote for 1) :)


Perhaps you can comment on the following bug report I got recently, and which
is very related :

Package: kfm
Version: 1.1.2
 
kfmsu2 calls "xhost +local:", which is insecure.
 
I suggest setting the XAUTHORITY environment for root to that of the user's to
securely give root access to the display:
 
Remove "xhost +local:" and change su:
 
su - root -c "XAUTHORITY=$HOME/.Xauthority; DISPLAY=$DISPLAY; \
    export XAUTHORITY DISPLAY; $kfm -sw >/dev/null"
 
I am using both Debian Slink and Redhat 6.0 with updates.  


-- 
David FAURE
david@mandrakesoft.com, faure@kde.org
http://www.insa-lyon.fr/People/AEDI/dfaure/index.html 
KDE, Making The Future of Computing Available Today

[prev in list] [next in list] [prev in thread] [next in thread]