Subject: Re: kde2 adds a *lot* of setuid-root programs!!!!
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Greg A. Woods <email@example.com>
Date: 05/24/2001 17:40:53
[ On Thursday, May 24, 2001 at 19:46:03 (+0100), Jasper Wallace wrote: ]
> Subject: Re: kde2 adds a *lot* of setuid-root programs!!!!
> > what the heck is a .kss anyway?
> I guess they need to be setuid root to check the users password for when
> they lock the screen.
Oh, my. That's extremely scary! I guess I'll fix that right
now.... (not all my users can be trusted not to play! ;-)
At the worst you'd think they could invoke a setuid helper/wrapper to do
the check for them (there seems to be at least one or two of these
already there as part of KDE).
Greg A. Woods
+1 416 218-0098 VE3TCP <firstname.lastname@example.org> <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; Secrets of the Weird <email@example.com>