[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: security vs. usability
From:       Bernhard Rosenkraenzer <bero () redhat ! de>
Date:       2001-02-06 10:24:45
[Download RAW message or body]

On Tue, 6 Feb 2001, Matthias Hölzer-Klüpfel wrote:

> Hm, there is a contradiction in what you say: A user using kppp or kisdn is
> _not_ a local user, so he definitely should care about security.

We're just using different definitions. To me,
"local user" == A user with a local shell account

There are a couple of situations where you don't need to care about
keeping your users from becoming root.

> On KDE 1.1.1, this chown'ed the passwd file to you. This is fixed, but
> running _any_ KDE application as suid is evil.

If you're concerned about security, yes.
If you aren't concerned about local security, no.

> Even if we would allow this in
> the libs, I hope that there are no distributions out there that would still
> ship one...

Red Hat won't - but leaving the user the choice to setuid some stuff is
not always stupid.

LLaP
bero

[prev in list] [next in list] [prev in thread] [next in thread]