KDE 3.2 and Linux security
Hello! A few days ago I executed an update to KDE 3.2 on my 9.0 Linux system by using the SuSE yast-sources. Everything went very well, but when I played a little with the KDE control center, I noticed a horrible effect: Suddenly every user was able to launch YaST without the need of typing in the root password. I thought there was something I had done wrong while installing KDE, but when I called SuSE hotline, I was told not to update to KDE 3.2 because of all the security und stability risks that come with it on SuSE. Instead of updating SuSE, I was suggested to use Debian or Gentoo with KDE 3.2 instead. Does anyone here recognize these problems? Greetings, Kai Fanslau
On Thursday 05 February 2004 14:49, Kai Fanslau wrote:
A few days ago I executed an update to KDE 3.2 on my 9.0 Linux system by using the SuSE yast-sources. Everything went very well, but when I played a little with the KDE control center, I noticed a horrible effect: Suddenly every user was able to launch YaST without the need of typing in the root password.
Does anyone here recognize these problems?
No such problem here (SuSE 8.2). -- Homepage http://scott.exti.net XFce desktop environment http://www.xfce.org Goodies for the XFce desktop http://xfce-goodies.berlios.de GPG public key ID: 811B00AB
Am Donnerstag, 5. Februar 2004 22:20 schrieb Scott Jones:
On Thursday 05 February 2004 14:49, Kai Fanslau wrote:
A few days ago I executed an update to KDE 3.2 on my 9.0 Linux system by using the SuSE yast-sources. Everything went very well, but when I played a little with the KDE control center, I noticed a horrible effect: Suddenly every user was able to launch YaST without the need of typing in the root password.
Does anyone here recognize these problems?
No such problem here (SuSE 8.2).
confirmed on a 9.0. yast modules seem to run as the current user, so for example a update install fails. bye, MH
On Thursday 05 February 2004 5:00 pm, Mathias Homann wrote:
Am Donnerstag, 5. Februar 2004 22:20 schrieb Scott Jones:
On Thursday 05 February 2004 14:49, Kai Fanslau wrote:
A few days ago I executed an update to KDE 3.2 on my 9.0 Linux system by using the SuSE yast-sources. Everything went very well, but when I played a little with the KDE control center, I noticed a horrible effect: Suddenly every user was able to launch YaST without the need of typing in the root password.
Does anyone here recognize these problems?
No such problem here (SuSE 8.2).
I think it's possible to run Yast as an ordinary user without security problems, since Yast will stop you if you actually try to do something that requires root privileges. Paul Abrahams
On Thursday 05 February 2004 20:49, Kai Fanslau wrote:
A few days ago I executed an update to KDE 3.2 on my 9.0 Linux system by using the SuSE yast-sources. Everything went very well, but when I played a little with the KDE control center, I noticed a horrible effect: Suddenly every user was able to launch YaST without the need of typing in the root password. snip< Does anyone here recognize these problems? Greetings, Kai Fanslau Yes, but I have only upgraded to 3.1.95 so far. However I think it will only allow users to look but not change anything when I tried changing something. Not a problem for me as I'm only a home user but still a surprising find. Jim
participants (5)
-
Jim MacLeod
-
Kai Fanslau
-
Mathias Homann
-
Paul W. Abrahams
-
Scott Jones