Date: Sat, 20 Oct 2001 01:58:52 +0800 From: nuzrin yaapar <nuzrin@goose.net.my> To: Will Andrews <will@physics.purdue.edu>, security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG Subject: Re: KCheckPass -- make it setuid root or not? Message-ID: <200110191743.BAA06128@venus.cyber.mmu.edu.my> In-Reply-To: <20011019120741.U25747@squall.waterspout.com> References: <20011019120706.T25747@squall.waterspout.com> <20011019120741.U25747@squall.waterspout.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 20 October 2001 1:07 am, Will Andrews wrote: > On Fri, Oct 19, 2001 at 12:07:06PM -0500, Will Andrews wrote: > > OK, so I keep getting mail every now and then from people who > > can't figure out why kcheckpass / kscreensaver won't authenticate > > their password(s). It's because I decided to play it safe and > > made kcheckpass non setuid root, which it needs in order to call > > getpwnam(). > > > > But now I'm tired of getting these emails from people who don't > > notice the message that kdebase spouts about it. I want to know > > if people think it's a safe "risk" to give kcheckpass setuid root > > privileges so it Just Works(tm) when people try KDE. > So, I think it's better to have setuid root for kcheckpass. Most people won't notice the message, unless they have nothing to do and decided to watch the whole compilation/installation process. Most of us just 'cd /usr/ports/x11/kde2 && make install clean' and leave it overnight to finish. Next morning when kde2 installation have finished...the message has long scroll past the screen and lost.... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110191743.BAA06128>