From kde-devel  Wed Jan 06 23:04:06 1999
From: Alex Zepeda <garbanzo () hooked ! net>
Date: Wed, 06 Jan 1999 23:04:06 +0000
To: kde-devel
Subject: Re: Konsole - a security vs. portability problem
X-MARC-Message: https://marc.info/?l=kde-devel&m=91566376708888


> At least for non-Linux systems. The right way to handle the problem does not
> only depend on the OS, but also on the environment. For a single user
> workstation (as many Linux installations are), there's not security issue at
> all. For a multiuser environment, i cannot expect the sysadmin to run to set
> konsole root/suid (and thereby risking to compromize the whole system). I for
> one certainly won't do that if i were responsible for a system's security.

*shrug*.  A default X install has xterm setuid.  There are plenty of
suid-by-default X apps.  I figure if you drop root privs before you even
construct your KApp object, you're reasonably safe.

There's always the (bloated) possibility of some sort of small suid corba
daemon to handle this...

- alex

| "Contrary to popular belief, penguins are not the salvation of modern  |
| technology.  Neither do they throw parties for the urban proletariat." |
| Powered by FreeBSD                            http://www.freebsd.org/  |