[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Bug#14253: kmail html security bug
From: Malte.Starostik () t-online ! de (Malte Starostik)
Date: 2000-11-01 11:00:06
[Download RAW message or body]
Am Mittwoch, 1. November 2000 11:33 schrieb Andreas Pour:
> Tilo Ulbrich wrote:
> > Am Dienstag, 31. Oktober 2000 21:27 schrieb Daniel Naber:
> > > > On Tuesday 31 October 2000 20:34, TiloUlbrich@web.de wrote:
> > > > So it is possible to exec programms which needn't arguments. E.g
> > > > "/sbin/halt" if I work with "root" were big shit.
> > >
> > > Nobody is supposed to run KDE as root.
>
> I truly don't understand this. If that is so, why is there a kfm-su in
> kde 1.1.x? And why is there kdesu?
So that it's easy for users to do particular tasks as root without being
tempted to run the whole desktop as root.
> And why are there control modules that only work as root?
>
> I understand that users should not run their entire session as root.
> But doesn't root get mail? And how are ex-windowites to read mail w/out
> KMail -- they should learn to use mutt? Why have KMail if you can't use
> it to read mail securely?
You should never read root's mail as root with any client, that's what
/etc/aliases is for.
A mail client is definately the last thing (maybe except from a browser :)
I'd run with superuser privilegues.
Sorry if this sounds a bit rude, that was not intended, just lacking time and
better words now.
-Malte
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic