List: kde-devel
Subject: Re: kdesu overrides user's PATH with hardcoded path
From: Gary Greene <greeneg () tolharadys ! net>
Date: 2008-09-06 7:02:56
Message-ID: 200809060003.00482.greeneg () tolharadys ! net
On Friday 05 September 2008 04:25:42 pm Anders Lövgren wrote:
> On Thursday 04 September 2008 08.40.13 Oswald Buddenhagen wrote:
> > On Thu, Sep 04, 2008 at 02:52:43AM +0200, Anders Lövgren wrote:
> > > The modified $PATH will at least protect against e.g. running a bad
> > > ~/bin/cat from a program or script that happens to use whatever cat
> > > that comes first in the $PATH.
> >
> > *how* is a bad cat supposed to get into ~/bin, huh? why do you want to
> > secure the door of an obviously blown up house?
>
> Regarding the *how*, huh? and ~/bin: you had an idea about it yourself in
> your previous mail, why asking me? :-)
>
> I don't think we need to discuss the *how* further here, there's better
> forums for that. For the second question I would like to switch the
> viewpoint: If the house is not blown up, why not lock the door?
>
Anders,
It's not the "why not lock the door" issue I think that Ossi is commenting on,
but rather the fact that this is completely UN-CONFIGURABLE. If I want this
feature as a paranoid user, it should be managed by a configuration file that
is read only versus plain hardcoding paths in the code. This way if _I_ don't
want/need it, I can set my system up as I want without patching the code
unnecessarily.
--
Gary L. Greene, Jr.
Sent from: peorth
23:59:53 up 5 days, 1 min, 6 users, load average: 0.31, 0.23, 0.19
==========================================================================
Developer and Project Lead for the AltimatOS open source project
Volunteer Developer for the KDE open source project
See http://www.altimatos.com/ and http://www.kde.org/ for more information
==========================================================================
Please avoid sending me Word or PowerPoint attachments.