kdesu and sudo

Derek Broughton auspex at pointerstop.ca
Thu Apr 21 17:19:13 UTC 2005


On Thursday 21 April 2005 18:56, Hannes Hauswedell wrote:

> Like Fabien pointed out, YES IT IS! A script or executable can contain a
> call to sudo without you knowing and it will do stuff as root! Of course

Then set the sudo timeout to 0.  As Abdullah pointed out, this really should 
be the default.
>
> > You can _always_ install kdesu from Debian, and allow logins on the root
> > account. You _have_ the choice.
>
> I know.

Then don't claim you're not being given a choice.
>
> > I'm not
> > going to go to the trouble of rewriting what I think is a good piece of
> > software for somebody who doesn't have a clue about security.
>
> Don't get personal.

Excuse me?  _This_ was personal: "I probably gotta hack it together myself, 
because you seem not to be too happy with providing the option...."

> > Especially
> > when I'm not a kubuntu developer in the first place.
>
> Then don't assume I am talking to you when I talk about coding in kubuntu,
> after all this is a mailing list!

You were replying to me.  Nobody else was even suggesting it couldn't be done 
- though I think you'll find there's a lot of support for my position.
>
> > 2. kdesu has a checkbox to select between using "su" or "sudo",
>

Hey!  That's extremely rude.  _I_ didn't write that, even though your 
attribution says I did.  I can't even figure out where you cut & pasted from.  
I think it's a huge step backward (not to mention, that it's inconsistent 
with Gnome, where gksu uses _your_ password like the kubuntu kdesu).

> > 3. The privileged, initial user (sudo) is given a complicated password,
> > and treated almost the same as root user (of a traditional distro),
> > hidden at the login user selection menu, and users are discouraged to
> > login with it except administrative tasks,
> > 4. Other user(s) created for daily work.
>
> I don't approve of these steps, what's the point of having a kdesu, if your
> daily-work-account can't change time in KDE?

I don't like them, either, but the one big advantage over root is that it's 
not an account name known to every hacker on the net.  (and, in fact, my 
privileged account can't seem to change time in kubuntu, either - or rather, 
the time is right if I want to see UTC, but I can't make it display local 
time).
>
> > you could have any system command automatically invoke sudo every time
> > anybody invoked it

Stop it!  Now you're back to quoting me, and I do NOT support this concept - I 
was explaining why sudo was the way to go - this is merely another way the 
same thing could have been accomplished.
>
> Ahhhh.... DO NOT. This would make it incompatible with a non-sudo setup

That's _exactly_ what I said...
>
> The root account has a long tradition in Unix for a reason, don't dispose of it
> that easily

You apparently don't know what that tradition is.  You've made no attempt to 
understand why kdesu has been changed to use sudo instead of su, you've made 
no attempt to understand the hazards of a root account, you've simply assumed 
that because things have always been done this way, it's the best way.  A 
great deal of Unix was never done in the "best" way, it was done in a way 
that was "convenient" to the developers at the time.
-- 
derek



