From kde-core-devel Tue Feb 06 22:14:52 2001 From: Tim Lee Date: Tue, 06 Feb 2001 22:14:52 +0000 To: kde-core-devel Subject: Re: security vs. usability X-MARC-Message: https://marc.info/?l=kde-core-devel&m=98149824324692 On Tuesday 06 February 2001 02:31 pm, Michael Jarrett wrote: > > It may force KDE code to be written cleanly, but it may also make > > KDE useability suffer until parts of KDE are re-written to provide > > the functionality in a safer way. I also don't think it > > should be up to you to trade off useability for security for my > > system, these are the determinations I need to make. If you > > can devise a safer yet simple method of providing the equivalent > > of suid for some programs then you should do that and we would > > all be grateful, but until that is done I need to be able to do the > > things I've always been able to do. Each person needs to be able > > to make these security useabilty decisions themeselves. > > diald is a daemon that will create a PPP connection whenever it's > needed. That provides you with an alternative to suid PPP programs, as > was your example. I know nothing of diald. We use Kppp and intend to continue to use it, unless it requires a root password everytime someone needs to dial in or some rediculous setup required to get it to work because someone determined it had to be that way for security. If KDE's useability gets this bad I'll just switch and use something else (Gnome, Windows). Since the day I started using Unix I've always had control over security and been able to do the suid thing if I require. I have to trade off security for ease of use and time to setup just like many other trade offs I make every day. It is obvious that most peaple's home use of KDE/Gnome/Windows will require that users be able to do things like burn CD's, log onto the internet, use a scanner ..., and these things should be as simple to get running as possible and should not require the root password. > > Alternatively you can set up new UID 0 accounts with new passwords. > kdesu will cache the passwords for the users, and you never have to > worry about it. > Hell, you're practically opening the door to root access anyways, no > reason to make it difficult for them. I have no idea what this is and I've been using Unix for over ten years, what new or intermediate user is going to have a clue about this? -- ++++++++++++++++++++++++++++++++++++++++++++ Tim Lee Email: tlee@tc.fluke.com R&D Engineer Phone: (719)598-3842 x651 Fluke Corporation FAX: (719)598-2063 6805 Corporate Drive, Suite 100 Colorado Springs, CO 80919 ++++++++++++++++++++++++++++++++++++++++++++