Re: Where's Konqueror in SU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> I'd suggest that anyone who sets up a system without any user
>  accounts _and_ somehow needs a GUI to configure the system
>  _and_ can't manage to figure out the settings to change so
>  they can login as root should probably not be pretending to
>  be a competent administrator.

I guess the last part is not correct - he *can* login as root, 
but *can not* run Konqueror as root ... that's a difference

oh, and also the original post was not about installing without 
ordinary user accounts

well, but this is not the point - the point is, that someone who 
supposes he's smarter than the others just disables a possibility 
for the others

please, stop protecting other people from themselves - if they 
want to risk being hurt, just let them get hurt ...


I've got a usecase - what about using Konqueror to configure CUPS

what is the security difference between doing
$ su -
# konqueror localhost:631

and

$ konqueror localhost:631
<supply root password to konqueror when asked for>

?

in the first case, if the attacker gets in control of Konqueror, 
he can do rm -rf / directly; in the latter, he can capture root 
password ... which may (or may not) be more valuable


> Are there not enough examples from Windows of why it's a
>  terrible idea to run with full administrator privileges --
>  especially software like web browsers?

I do not think that using Windows as an argument is worth here

and do not forget that Konqueror is also a file browser, not just 
web browser (oh, does everyone really has to do "cd /etc; vi 
someconfigfile" in the text console?)

K.

-- 
Karel Volný
QE BaseOs/Daemons Team
Red Hat Czech, Brno
tel. +420 532294274
(RH: +420 532294111 ext. 8262074)
xmpp kavol@xxxxxxxxx
:: "Never attribute to malice what can
::  easily be explained by stupidity."

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux