[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: security vs. usability
From: Bernhard Rosenkraenzer <bero () redhat ! de>
Date: 2001-02-06 10:24:45
[Download RAW message or body]
On Tue, 6 Feb 2001, Matthias Hölzer-Klüpfel wrote:
> Hm, there is a contradiction in what you say: A user using kppp or kisdn is
> _not_ a local user, so he definitely should care about security.
We're just using different definitions. To me,
"local user" == A user with a local shell account
There are a couple of situations where you don't need to care about
keeping your users from becoming root.
> On KDE 1.1.1, this chown'ed the passwd file to you. This is fixed, but
> running _any_ KDE application as suid is evil.
If you're concerned about security, yes.
If you aren't concerned about local security, no.
> Even if we would allow this in
> the libs, I hope that there are no distributions out there that would still
> ship one...
Red Hat won't - but leaving the user the choice to setuid some stuff is
not always stupid.
LLaP
bero
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic