Luigi Toscano wrote:
This is not a mistake.
It is. "kdesu kwrite" is a widely used feature, it needs to work.
OpenSUSE will remove the patches at some point.
How do you know? Have you asked them?
I think blocking root execution is a no go and will have to be patched out
Running an entire graphical session as root is no go.
What else do you propose doing if you are rescuing a system with no working
user account? KWrite is a very important rescue tool, being unable to use it
in a rescue scenario is a no go.
And the claimed security issue that prompted the change does not even apply
to KWrite, it has no embedded console.
This [the usability issue] can be addressed but not reverting the
Upstream refused to budge an inch even on this issue, he claims that "if you
bring up a GUI dialog, you have already lost". So you would have to maintain
a patch anyway. At this point, why not just use the much simpler and easier
to maintain patch that removes the broken check to begin with?
In the end, a user that does not run the applications as root is at no
security risk from the absence of the check, so I do not agree at all with
the argument that this check is a security fix.