Where's Konqueror in SU
David
dgboles at gmail.com
Mon Nov 2 13:54:08 UTC 2009
On 11/2/2009 8:26 AM, Karel Volný wrote:
>
>> I'd suggest that anyone who sets up a system without any user
>> accounts _and_ somehow needs a GUI to configure the system
>> _and_ can't manage to figure out the settings to change so
>> they can log in as root should probably not be pretending to
>> be a competent administrator.
>
> I guess the last part is not correct - he *can* log in as root,
> but *can not* run Konqueror as root ... that's a difference
>
> oh, and also the original post was not about installing without
> ordinary user accounts
>
> well, but this is not the point - the point is, that someone who
> supposes he's smarter than the others just disables a possibility
> for the others
>
> please, stop protecting other people from themselves - if they
> want to risk being hurt, just let them get hurt ...
>
>
> I've got a use case - what about using Konqueror to configure CUPS
>
> what is the security difference between doing
> $ su -
> # konqueror localhost:631
>
> and
>
> $ konqueror localhost:631
> <supply root password to konqueror when asked for>
>
> ?
>
> in the first case, if the attacker gets in control of Konqueror,
> he can do rm -rf / directly; in the latter, he can capture root
> password ... which may (or may not) be more valuable
>
>
>> Are there not enough examples from Windows of why it's a
>> terrible idea to run with full administrator privileges --
>> especially software like web browsers?
>
> I do not think that using Windows as an argument is worth it here
>
> and do not forget that Konqueror is also a file browser, not just
> web browser (oh, does everyone really have to do "cd /etc; vi
> someconfigfile" in the text console?)

You, sir, are advocating one of the major 'stupid Windows users'
arguments for Linux. Run as root.

The point is, I believe, that to disable root is considered a good
thing. Those that disagree with that thought and wish to open their
system that way are free to do so. Those that do not know *how* to do
that probably should *not* do that.

Makes sense to me.

--
David
More information about the fedora-test-list mailing list