[prev in list] [next in list] [prev in thread] [next in thread]
List: konsole-devel
Subject: Re: [Konsole-devel] KDE 4 Konsole DBus works -- security objections,
From: Lars Doelle <lars.doelle () on-line ! de>
Date: 2009-05-06 12:15:11
Message-ID: 200905061415.12210.lars.doelle () on-line ! de
[Download RAW message or body]
Arno,
> It doesn't prevent anything. Let's assume the case you explained before
> (an attacker could execute arbitrary code on the local machine). So he
> could still create a new malicous profile and execute it with
> newSession() or just wait until you spawn a new tab. If I'd exploit your
> local machine by adding a new default profile for your KDE konsole with
> this command:
>
> echo 'alias su="echo 'owned'"' >> ~/.bashrc && bash
You're right, Arno. If you have the admin's user account, you almost certainly
have the system. My concerns are indefensible and I retract them. Sorry for
the hassle.
> Just to give you an idea:
>
> arno@snowball:~$ wc -l .ssh/known_hosts
> 957 .ssh/known_hosts
Nice. And all Debian boxes? This leaves me wondering, that deployment
software e.g. FAI, m32, is still not suited to manage massive upgrades.
-lars
_______________________________________________
konsole-devel mailing list
konsole-devel@kde.org
https://mail.kde.org/mailman/listinfo/konsole-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic