Martin Koller posted on Sun, 18 Mar 2012 17:09:47 +0100 as excerpted:
> I was looking into the source of ksysguard and found that it can load
> .desktop files which define some additional actions in the RMB.
> (In the source it uses KGlobal::dirs()->findAllResources("data",
> "ksysguard/scripts/*/*.desktop",...)
>
> In the rpm I have installed here
> (kdebase4-workspace-ksysguardd-4.8.1-729.4.i586)
> there is not even the scripts directory, so the file which is obviously
> missing in the RPM is smaps.desktop, which I found in ksysguard source
> tree.
>
> ok, thanks for your help - I'm going to bother the openSuse packagers...
> ;-)
It's worth noting that in gentoo, installing the ksysguard package prints
a warning:
"Note that ksysguard has powerful features; one of these is the
executing of arbitrary programs with elevated privileges (as data
sources). So be careful opening worksheets from untrusted sources!"
Again, it's possible your distro disables some of that for security
reasons.
One of the more recent discussions in kernel security has been debate
over normal user access to various memory mapping information that then
allows bypassing address randomization schemes that help prevent someone
from exploiting buffer overrun type vulnerabilities. As with many
security decisions, there's a balance between usability and security,
with the more security conscious choosing to forgo certain usability
conveniences. This sort of somewhat obscure detailed memory mapping
information is just the sort of thing that security conservative distros
might choose to disable, believing normal users don't need and generally
won't miss that information anyway, while arranging for it not to be
exposed arguably does increase security, if only incrementally.
Meanwhile, I routinely run live-git kernels here, and hadn't updated in
the last day or two, so decided to do a git-pull and kernel rebuild, and
took the opportunity to enable that kernel option. So now I have smaps
enabled, and see all the info in that report. It is indeed nice, and at
the level exposed there, I don't see the kde side as a security concern,
especially if smaps are enabled in the kernel already. Still, it's
possible part of the scripting functionality was disabled due to other
scripts that it allowed to run.
But again, I'd guess it's more likely that it was simply disabled
accidentally. KDE has recently converted to git (from svn) for many of
their sources, and continues to split up the former huge multi-package
source tarballs into smaller chunks, so stuff is moving around. It's
thus quite possible that these bits moved and the OpenSuSe package
process simply missed some bits in the current round.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
___________________________________________________
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
