List:       kde-core-devel
Subject:    Re: security vs. usability
From:       Tim Lee <tlee () tc ! fluke ! com>
Date:       2001-02-06 22:14:52

On Tuesday 06 February 2001 02:31 pm, Michael Jarrett wrote:
> > It may force KDE code to be written cleanly, but it may also make
> > KDE usability suffer until parts of KDE are re-written to provide
> > the functionality in a safer way.  I also don't think it
> > should be up to you to trade off usability for security for my
> > system, these are the determinations I need to make.  If you
> > can devise a safer yet simple method of providing the equivalent
> > of suid for some programs then you should do that and we would
> > all be grateful, but until that is done I need to be able to do the
> > things I've always been able to do.  Each person needs to be able
> > to make these security usability decisions themselves.
>
> diald is a daemon that will create a PPP connection whenever it's
> needed. That provides you with an alternative to suid PPP programs, as
> was your example.

I know nothing of diald.  We use Kppp and intend to continue to use
it, unless it requires a root password every time someone needs to
dial in or some ridiculous setup required to get it to work because
someone determined it had to be that way for security.  If KDE's
usability gets this bad I'll just switch and use something
else (Gnome, Windows).  Since the day I started using Unix I've 
always had control over security and been able to do the suid thing 
if I require.  I have to trade off security for ease of use and time to
setup just like many other trade offs I make every day.

It is obvious that most people's home use of KDE/Gnome/Windows
will require that users be able to do things like burn CDs, log onto the
internet, use a scanner ..., and these things should be as simple to 
get running as possible and should not require the root password.

>
> Alternatively you can set up new UID 0 accounts with new passwords.
> kdesu will cache the passwords for the users, and you never have to
> worry about it.
> Hell, you're practically opening the door to root access anyways, no
> reason to make it difficult for them.

I have no idea what this is and I've been using Unix for over ten years,
what new or intermediate user is going to have a clue about this?

-- 
++++++++++++++++++++++++++++++++++++++++++++
Tim Lee             Email: tlee@tc.fluke.com
R&D Engineer       Phone: (719)598-3842 x651
Fluke Corporation       FAX:   (719)598-2063
6805 Corporate Drive, Suite 100
Colorado Springs, CO 80919
++++++++++++++++++++++++++++++++++++++++++++ 
