Arno,

> It doesn't prevent anything. Let's assume the case you explained before
> (an attacker could execute arbitrary code on the local machine). So he
> could still create a new malicous profile and execute it with
> newSession() or just wait until you spawn a new tab. If I'd exploit your
> local machine by adding a new default profile for your KDE konsole with
> this command:
> 
> echo 'alias su="echo 'owned'"' >> ~/.bashrc && bash

You're right, Arno. If you have the admin's user account, you almost certainly
have the system. My concerns are indefensible and I retract them. Sorry for
the hassle.


> Just to give you an idea:
> 
> arno@snowball:~$ wc -l .ssh/known_hosts
> 957 .ssh/known_hosts

Nice. And all Debian boxes? This leaves me wondering, that deployment
software e.g. FAI, m32, is still not suited to manage massive upgrades.

-lars
_______________________________________________
konsole-devel mailing list
konsole-devel@kde.org
https://mail.kde.org/mailman/listinfo/konsole-devel