Where's Konqueror in SU

David dgboles at gmail.com
Mon Nov 2 13:54:08 UTC 2009


On 11/2/2009 8:26 AM, Karel Volný wrote:
> 
>> I'd suggest that anyone who sets up a system without any user
>>  accounts _and_ somehow needs a GUI to configure the system
>>  _and_ can't manage to figure out the settings to change so
>>  they can login as root should probably not be pretending to
>>  be a competent administrator.
> 
> I guess the last part is not correct - he *can* login as root, 
> but *can not* run Konqueror as root ... that's a difference
> 
> oh, and also the original post was not about installing without 
> ordinary user accounts
> 
> well, but this is not the point - the point is, that someone who 
> supposes he's smarter than the others just disables a possibility 
> for the others
> 
> please, stop protecting other people from themselves - if they 
> want to risk being hurt, just let them get hurt ...
> 
> 
> I've got a usecase - what about using Konqueror to configure CUPS
> 
> what is the security difference between doing
> $ su -
> # konqueror localhost:631
> 
> and
> 
> $ konqueror localhost:631
> <supply root password to konqueror when asked for>
> 
> ?
> 
> in the first case, if the attacker gets in control of Konqueror, 
> he can do rm -rf / directly; in the latter, he can capture root 
> password ... which may (or may not) be more valuable
> 
> 
>> Are there not enough examples from Windows of why it's a
>>  terrible idea to run with full administrator privileges --
>>  especially software like web browsers?
> 
> I do not think that using Windows as an argument is worth it here
> 
> and do not forget that Konqueror is also a file browser, not just 
> web browser (oh, does everyone really have to do "cd /etc; vi 
> someconfigfile" in the text console?)


You, sir, are advocating one of the major 'stupid Windows users'
arguments for Linux. Run as root.

The point is, I believe, that to disable root is considered a good
thing. Those that disagree with that thought and wish to open their
system that way are free to do so. Those that do not know *how* to do
that probably should *not* do that.

Makes sense to me.


-- 


  David
