Thankyou for all the info, you have been very helpful. Much more than these lists that can't even tell me if switching to kdesudo is possible. I assume because it isn't? > This is the one that opened /my/ eyes. > http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on- > gui-isolation.html > Well actually that link is slightly misleading, yes they can access keystrokes assuming it is not grabbed and yes that is poor protection but if you use sudoers and make changes to sudoers after a fresh boot up or closed browser then there is no password to sniff. > And if you might as well be running everything in superuser mode, why not > just do your X login as root in the first place? > That is not true as there is still memory protection. You could just as easily state and with more credence that if someone has access to one X app then they can find an escalation to root. It does apply to kdesu which requires a password however and Xapps will offer softer targets such as rawio access for video drivers to use. > Ideally, you only do superuser tasks from a non-X VT, or > alternatively, have a dedicated superuser X login, where EVERYTHING's > running as superuser and you know it, so you don't access the net from > it or anything, only do superuser stuff in it. I have various systems of varying lock downs. The least locked down online system does follow best practice of a seperate non-X VT console only admin but the admin is still restricted by sudo and with autologin enabled to reduce password entry. More locked down systems run X as it's own user with rawio disabled and have polkit disabled. I also have offline systems that I like to run things via kdesudo and I simply wish to know if I can continue without learning more about configuring the inferior polkit and keeping track of it's ever changing poorly documented and often in fact course fitting permissions? I sincerely hope there will not be a time when linux desktops will be as useless as Windows without scripts and RPC and an API that needs it's own library. Looking at the KDE lists it is the misunderstanding of sudo acting as su which is the driver and it would be far better and more secure if what polkit did followed the unix philosophy of many small tools and having the bonus of being more accessible to users and so continuing the power of unix rather than undescriptive source and api. There are alternatives for everything I can think of that work with sudo. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________ ___________________________________________________ This message is from the kde mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.