Keep Password in KDE su
Thomas Charron
twaffle at gmail.com
Sun Aug 29 15:37:01 EDT 2004
On Sun, 29 Aug 2004 10:27:16 -0400, James Philipson
<japhilipson at yahoo.com> wrote:
> Running KDE 3.2 on Suse 9.1 as a normal user. When I go to perform a
> power function I get a Window that prompts for Root's password so Yast
> can start. That is all well and good. Question: What happens, and
> what are the dangers, when you check "Keep Password"? How is the
> password stored and could this later be used as a hole by some malware?
I wouldn't, honestly. The way that they secure it just seems too me
like it opens an even LARGER hole then would exist if they just did
the SU directly.
Actually, no, thats not true, its really no bigger then it would be
otherwise.
And when you say 'Save Password', it doesnt save it forever. As far
as I know, EVERY time you restart and use it the first time, it's
going to ask for it at LEAST once. So it's NOT stored on disk or
anything..
> I've read this -
> http://docs.kde.org/en/3.2/kdebase/kdesu/sec-password-keeping.html but
> want to read some real world debate on the subject.
More information about the gnhlug-discuss
mailing list