
List:       kmail-devel
Subject:    Bug#14253: kmail html security bug
From:       Andreas Pour <pour () mieterra ! com>
Date:       2000-11-01 18:48:08

George Staikos wrote:
> 
> On Wednesday 01 November 2000 05:33, Andreas Pour wrote:
> 
> > > > > So it is possible to exec programs which needn't arguments. E.g.
> > > > > "/sbin/halt" if I work with "root" were big shit.
> > > >
> > > > Nobody is supposed to run KDE as root.
> >
> > I truly don't understand this.  If that is so, why is there a kfm-su in
> > kde 1.1.x?  And why is there kdesu?  And why are there control modules
> > that only work as root?
> >
> > I understand that users should not run their entire session as root.
> > But doesn't root get mail?  And how are ex-windowites to read mail w/out
> > KMail -- they should learn to use mutt?  Why have KMail if you can't use
> > it to read mail securely?
> >
> > I'm sorry, but that answer is a cop-out.  KMail will hopefully be fixed
> > to not execute scripts; in fact there was a long discussion about this
> > some months ago and I thought it had been fixed.
> 
>   That's why you have .forward.

OK, then can I add a "wishlist" item to this bug report?

Maybe if KMail starts up and detects it's running as root it can pop up
a dialog and say "It is recommended that you not run this program as
root.  We recommend you forward your mail to another account.  To do
this please select the user name from the list below and select
"Forward"".  And there is a list of usernames from the /etc/passwd file
and of course the possibility to add your own.  If the user selects this,
KMail creates the .forward file.

I think this is a great solution and solves the problem that the KDE
target audience (at least a great part of it) is not going to know what
a .forward file is.

[ ... ]

Ciao,

Andreas Pour

http://www.kde.com/ :  Everything KDE
http://apps.kde.com/:  The Latest in KDE Applications
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail
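
The wishlist item above, sketched as an added example (not part of the original message and not KMail code): list forwarding candidates from passwd-format text and create the .forward file, rejecting a hand-typed target that an MTA would treat as a command. The function names, the uid threshold of 1000 and the shell filter are assumptions.

```cpp
// Added illustration, not KMail code; every function name here is hypothetical.
#include <fcntl.h>
#include <unistd.h>
#include <cctype>
#include <cstdio>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>
// Accept only a plain login name: a .forward line starting with '|' or '/' makes
// an MTA such as sendmail run a program or append to a file instead of forwarding.
bool valid_target(const std::string& name) {
    if (name.empty() || name.size() > 32 || name[0] == '-') return false;
    for (unsigned char c : name)
        if (!std::isalnum(c) && c != '_' && c != '-') return false;
    return true;
}

// Parse passwd(5) text; keep uid >= min_uid with a login shell (assumed heuristic).
std::vector<std::string> forward_candidates(std::istream& passwd, long min_uid) {
    std::vector<std::string> out;
    for (std::string line; std::getline(passwd, line);) {
        std::vector<std::string> f;
        std::istringstream ss(line);
        for (std::string s; std::getline(ss, s, ':');) f.push_back(s);
        if (f.size() < 7 || f[2].empty() || !valid_target(f[0])) continue;
        char* end = nullptr;
        long uid = std::strtol(f[2].c_str(), &end, 10);
        std::string shell = f[6].substr(f[6].rfind('/') + 1);
        if (*end || uid < min_uid || shell == "nologin" || shell == "false") continue;
        out.push_back(f[0]);
    }
    return out;
}

// O_EXCL refuses to replace an existing .forward or follow a symlink; 0600 keeps it private.
bool write_forward(const std::string& home, const std::string& target) {
    if (!valid_target(target)) return false;
    const std::string path = home + "/.forward", body = target + "\n";
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return false;
    bool ok = write(fd, body.data(), body.size()) == (ssize_t)body.size();
    return close(fd) == 0 && ok;
}

int main() {
    if (geteuid() != 0) return 0;  // only a root session gets the forwarding prompt
    std::istringstream passwd("alice:x:1000:1000::/home/alice:/bin/bash\n");  // constructed
    for (const auto& u : forward_candidates(passwd, 1000)) std::puts(u.c_str());
}
```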
