Where's Konqueror in SU

Mon Nov 2 13:26:12 UTC 2009

> I'd suggest that anyone who sets up a system without any user
>  accounts _and_ somehow needs a GUI to configure the system
>  _and_ can't manage to figure out the settings to change so
>  they can login as root should probably not be pretending to
>  be a competent administrator.

I guess the last part is not correct - he *can* login as root, 
but *can not* run Konqueror as root ... that's a difference

oh, and also the original post was not about installing without 
ordinary user accounts

well, but this is not the point - the point is, that someone who 
supposes he's smarter than the others just disables a possibility 
for the others

please, stop protecting other people from themselves - if they 
want to risk being hurt, just let them get hurt ...

I've got a usecase - what about using Konqueror to configure CUPS

what is the security difference between doing
$ su -
# konqueror localhost:631

and

$ konqueror localhost:631
<supply root password to konqueror when asked for>

?

in the first case, if the attacker gets in control of Konqueror, 
he can do rm -rf / directly; in the latter, he can capture root 
password ... which may (or may not) be more valuable

> Are there not enough examples from Windows of why it's a
>  terrible idea to run with full administrator privileges --
>  especially software like web browsers?

I do not think that using Windows as an argument is worth here

and do not forget that Konqueror is also a file browser, not just 
web browser (oh, does everyone really has to do "cd /etc; vi 
someconfigfile" in the text console?)

K.

-- 
Karel Volný
QE BaseOs/Daemons Team
Red Hat Czech, Brno
tel. +420 532294274
(RH: +420 532294111 ext. 8262074)
xmpp kavol at jabber.cz
:: "Never attribute to malice what can
::  easily be explained by stupidity."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/test/attachments/20091102/271d0c01/attachment.bin 