[Bug 216796] New: able to run programs using the root account without the right password
https://bugzilla.novell.com/show_bug.cgi?id=216796

           Summary: able to run programs using the root account without the right password
           Product: openSUSE 10.2
           Version: Beta 1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: KDE
        AssignedTo: kde-maintainers@suse.de
        ReportedBy: yez@familieschepers.nl
         QAContact: qa@suse.de

Hi,

On a previous beta1 installation, I got the message "conversation with su failed" when I rmb on the time and "Adjust Date & Time" and entered the password.

This installation, the first time I have to provide a correct password. But when I close the dialog, and select "Adjust Date & Time" again, an empty password will open the dialog.

Also then, I'm able to start yast2 in "administrator"-mode without having to apply a correct password.

Regards,
Edwin

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

andreas.hanke@gmx-topmail.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andreas.hanke@gmx-topmail.de

------- Comment #1 from andreas.hanke@gmx-topmail.de 2006-10-31 16:22 MST -------
This is not a bug. kdesu now uses sudo instead of su for authentication (btw. this caused the other, old, unrelated and since long fixed conversation problem).

Since what you describe is expected behaviour with sudo => not a bug IMHO.

------- Comment #2 from yez@familieschepers.nl 2006-11-01 01:32 MST -------
Hi Andreas,

If it is, then it doesn't seem right to me that I get a popup the 2nd time to provide the root's password. In this popup, it doesn't matter what I fill in, I will get the root access (very confusing).

Moreover, if this is the intended functionality, I would expect a checkbox which says "remember password".

At last, it also doesn't seem right to me that I don't have to provide the root's password anymore to get root's access to yast2 if I started (and closed!) the "Adjust Date & Time" before. If I don't close the "Adjust Date & Time", I'll have to provide a correct password to yast2.

Regards,
Edwin

stbinner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Normal                      |Major
            Summary|able to run programs using  |kdesu asks for root password even if not
                   |the root account without the|required
                   |right password              |

------- Comment #3 from stbinner@novell.com 2006-11-07 09:44 MST -------
The password is only not required for 5 minutes unless overridden otherwise in /etc/sudoers

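Added example, not part of the bug thread and not kdesu or sudo project code: a check of how long sudo will cache a successful authentication, the window comment #3 says is controlled from /etc/sudoers. The function names `effective_timeout` and `classify_timeout` and the sample sudoers text are constructed for illustration; `timestamp_timeout` is sudo's own option, and the 5-minute default is taken from comment #3.

```shell
#!/bin/sh
# Added example (not from the bug thread): read sudoers text on stdin and
# report how long sudo caches a successful authentication.
# Assumption: built-in default of 5 minutes, as stated in comment #3.
DEFAULT_TIMEOUT=5

# Print the global timestamp_timeout in minutes. Only unscoped "Defaults"
# lines count (Defaults:user, Defaults@host etc. are skipped); last one wins.
# Limitation: include directives and backslash continuations are not followed.
effective_timeout() {
    awk -v def="$DEFAULT_TIMEOUT" '
        { sub(/#.*/, "") }                        # strip comments
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    v = opts[i]
                    sub(/^timestamp_timeout[ \t]*=[ \t]*/, "", v)
                    sub(/[ \t]+$/, "", v)
                    def = v
                }
            }
        }
        END { print def }
    '
}

# Map a timeout value to what it means for someone borrowing the session.
classify_timeout() {
    case "$1" in
        0|0.0) echo "prompt-every-time" ;;
        -*)    echo "never-expires" ;;
        *)     echo "cached-$1-min" ;;
    esac
}

# Constructed sample inputs (not taken from any real system).
SAMPLE_DEFAULT='Defaults env_reset
root ALL=(ALL) ALL'
SAMPLE_HARDENED='Defaults env_reset, timestamp_timeout=0   # always prompt
Defaults:backup timestamp_timeout=30
root ALL=(ALL) ALL'

for name in SAMPLE_DEFAULT SAMPLE_HARDENED; do
    eval "text=\$$name"
    t=$(printf '%s\n' "$text" | effective_timeout)
    echo "$name: timestamp_timeout=$t -> $(classify_timeout "$t")"
done
```

Independently of the configured window, `sudo -k` invalidates the caller's cached credential.
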
------- Comment #4 from yez@familieschepers.nl 2006-11-08 13:51 MST -------
Hello Stephan,

The new subject ("kdesu asks for root password even if not required") is a concern, but I'm more concerned about the buggy functionality described in the 3rd paragraph of my comment.

Moreover, it doesn't seem right to me that an ignorant user gets root's access by default of a program (in this case yast2) if he/she left another app (adjust date&time) with root's access.

------- Comment #5 from coolo@novell.com 2006-11-09 01:41 MST -------
If you're concerned about this, then deinstall sudo. KDE only offers a wrapper around that functionality

rwalter@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rwalter@novell.com

------- Comment #6 from rwalter@novell.com 2007-01-04 02:14 MST -------
I was about to file a similar bug report because I find it very worrying that I can start YaST as root without it prompting for the password. I think this is a security risk.

In the past I haven't worried about letting someone here at home borrow my desktop for a few mins if not connected to SUSE because I knew they couldn't do anything dangerous. When this person doesn't know how to use a command line, I also don't have to worry about the fact that my user is allowed to use sudo. But now you are telling me that if I've used YaST recently or anything else requiring root access I do have to worry. And nothing warned me of this.

I consider this a significant change of behavior that both is unexpected and without warning.

marcel@hilzinger.hu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|kdesu asks for root password|unexpected kdesu behaviour with sudo (no
                   |even if not required        |password required)

marcel@hilzinger.hu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marcel@hilzinger.hu

------- Comment #7 from marcel@hilzinger.hu 2007-01-08 02:51 MST -------
I completely agree with Rebecca: To make such a fundamental change without any documentation is a bad idea. Consider adding this to the release notes, if there will be a new version.

Furthermore: sudo should not survive a logout/login. But with actual setup you still can start YaST without root password after logout/login from KDE.

stbinner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alpha096@tpg.com.au

------- Comment #9 from stbinner@novell.com 2007-05-06 04:01 MST -------
*** Bug 271738 has been marked as a duplicate of this bug. ***

Dirk Mueller <dmueller@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=216796#c10

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kittkowske@netscape.net

--- Comment #10 from Thomas Biege <thomas@novell.com> 2007-09-13 06:45:27 MST ---
*** Bug 308969 has been marked as a duplicate of this bug. ***
https://bugzilla.novell.com/show_bug.cgi?id=308969

https://bugzilla.novell.com/show_bug.cgi?id=216796#c11

Stephan Binner <stbinner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |maximilian_bianco@yahoo.com

--- Comment #11 from Stephan Binner <stbinner@novell.com> 2007-10-24 01:05:52 MST ---
*** Bug 336204 has been marked as a duplicate of this bug. ***
https://bugzilla.novell.com/show_bug.cgi?id=336204

https://bugzilla.novell.com/show_bug.cgi?id=216796#c13

Stephan Binner <stbinner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mike_wells@cox.net

--- Comment #13 from Stephan Binner <stbinner@novell.com> 2007-11-26 02:12:37 MST ---
*** Bug 343889 has been marked as a duplicate of this bug. ***
https://bugzilla.novell.com/show_bug.cgi?id=343889

https://bugzilla.novell.com/show_bug.cgi?id=216796#c14

--- Comment #14 from Mike Wells <mike_wells@cox.net> 2007-11-26 03:21:02 MST ---
This is absolutely unbelievable and at the same time totally unacceptable. To make a root security change without any feedback to the openSUSE user community is beyond comprehension and escapes all logic! It would appear (at least to the "outsider") that a good many persons in R&D are taking leave of their senses!

Comment #13 belongs to me and I discovered this problem while spending a considerable amount of time trying to get into CUPS (which btw, I still can not) by doing password changes in YaST.

Seems like a case of "playing God" to me just so that some people can get off on the fact that they have the power to make a change of this magnitude with no warning to the user whatsoever! Hey, you couldn't even take the few minutes required to make a change to the password authentication dialog and update the title bar from "KDE su" to "KDE sudo". What a pity. Guess we had to use those precious minutes stuffing useless KDE4 previews into the 10.3 DVD iso.

Seems to me that someone high up on the food chain at Novell/SUSE needs to start paying attention to the feedback you are getting from your user community. Especially where bugs like this one are concerned. 10.3 in my estimation is by far the best yet (have been "here" since 9.1) but it appears that words like "quality", "stability", "usability" and "functionality" are quickly disappearing from the R&D dictionary.

Now with respect to Mr. Kulow's sordid statement in comment #5; mind reading is not free Mr. Kulow. Go figure!

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c16

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #16 from Lubos Lunak <llunak@novell.com> 2008-04-28 09:50:36 MST ---
Kdesu backend has been switched back from kdesu to su, so there will be no implicit password caching, there is a checkbox.

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c17

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos.lange@ualberta.ca

--- Comment #17 from Lubos Lunak <llunak@novell.com> 2008-05-02 07:02:45 MST ---
*** Bug 340311 has been marked as a duplicate of this bug. ***
https://bugzilla.novell.com/show_bug.cgi?id=340311

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c18

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |linux@quartz-net.co.uk

--- Comment #18 from Lubos Lunak <llunak@novell.com> 2008-05-02 07:06:05 MST ---
*** Bug 346759 has been marked as a duplicate of this bug. ***
https://bugzilla.novell.com/show_bug.cgi?id=346759

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c19

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ra100@atlas.sk

--- Comment #19 from Lubos Lunak <llunak@novell.com> 2008-05-23 10:09:37 MDT ---
*** Bug 387644 has been marked as a duplicate of this bug. ***
https://bugzilla.novell.com/show_bug.cgi?id=387644

User alpha096@virginbroadband.com.au added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c20

--- Comment #20 from Scott Couston <alpha096@virginbroadband.com.au> 2008-05-24 01:47:52 MDT ---
ATTN # security-team@suse.de

Please consider restricted access view of this bug issue from non email recipients before google indexes this whole matter ;-)

http://www.google.com.au/search?q=andreas.hanke&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a

User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c21

--- Comment #21 from Marcus Meissner <meissner@novell.com> 2008-05-24 05:31:11 MDT ---
bugzilla.novell.com/robots.txt has Disallow: / ... so don't worry.

I see the issue has been resolved, so there is no need for further action.

Security discussions shouldn't be held behind closed doors either, so people can check rationales, concerns, discussions and explanations.

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c22

--- Comment #22 from Lubos Lunak <llunak@novell.com> 2008-05-27 03:02:23 MDT ---
#20, #21: There is no security issue. It works normally like sudo, except for the unneeded password prompt.

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c23

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #23 from Lubos Lunak <llunak@novell.com> 2008-05-27 03:03:12 MDT ---
Reopening, I somehow forgot to remove the configure option actually switching the default back to su when submitting.

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c24

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #24 from Lubos Lunak <llunak@novell.com> 2008-05-27 03:38:56 MDT ---
Fixed package submitted.

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c25

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
          Component|KDE                         |KDE3
            Product|openSUSE 10.3               |openSUSE 11.0
         Resolution|FIXED                       |
            Version|Final                       |RC 1

--- Comment #25 from Lubos Lunak <llunak@novell.com> 2008-05-30 07:44:45 MDT ---
Reopening again, the fix is not going to make it to 11.0 GM.

User llunak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c26

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #26 from Lubos Lunak <llunak@novell.com> 2008-06-27 03:59:46 MDT ---
This one has made it into 11.0 final after all.

User alpha096@virginbroadband.com.au added comment
https://bugzilla.novell.com/show_bug.cgi?id=216796#c27

--- Comment #27 from Scott Couston <alpha096@virginbroadband.com.au> 2008-06-27 04:11:25 MDT ---
RE #26 I assume this means that this IS resolved in 11.0GM and NOT The bug is present in 11.0GM IF not Please add comments if this comment is NOT accurate....cheers :-)