From: nuzrin yaapar
Reply-To: nuzrin@yahoo.com
Organization: multimedia university
To: Will Andrews, security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG
Subject: Re: KCheckPass -- make it setuid root or not?
Date: Sat, 20 Oct 2001 01:58:52 +0800
Message-Id: <200110191743.BAA06128@venus.cyber.mmu.edu.my>
References: <20011019120706.T25747@squall.waterspout.com> <20011019120741.U25747@squall.waterspout.com>
In-Reply-To: <20011019120741.U25747@squall.waterspout.com>

On Saturday 20 October 2001 1:07 am, Will Andrews wrote:
> On Fri, Oct 19, 2001 at 12:07:06PM -0500, Will Andrews wrote:
> > OK, so I keep getting mail every now and then from people who
> > can't figure out why kcheckpass / kscreensaver won't authenticate
> > their password(s). It's because I decided to play it safe and
> > made kcheckpass non setuid root, which it needs in order to call
> > getpwnam().
> >
> > But now I'm tired of getting these emails from people who don't
> > notice the message that kdebase spouts about it. I want to know
> > if people think it's a safe "risk" to give kcheckpass setuid root
> > privileges so it Just Works(tm) when people try KDE.
>

So, I think it's better to have setuid root for kcheckpass. Most people
won't notice the message, unless they have nothing to do and decided to
watch the whole compilation/installation process. Most of us just
'cd /usr/ports/x11/kde2 && make install clean' and leave it overnight to
finish. Next morning, when the kde2 installation has finished... the
message has long since scrolled past the screen and is lost....