Keep Password in KDE su
Fred
puissante at lrc.puissante.com
Sun Aug 29 16:01:00 EDT 2004
On Sun, 2004-08-29 at 10:27, James Philipson wrote:
> Running KDE 3.2 on Suse 9.1 as a normal user. When I go to perform a
> power function I get a Window that prompts for Root's password so Yast
> can start. That is all well and good. Question: What happens, and
> what are the dangers, when you check "Keep Password"? How is the
> password stored and could this later be used as a hole by some malware?
>
> I've read this -
> http://docs.kde.org/en/3.2/kdebase/kdesu/sec-password-keeping.html but
> want to read some real world debate on the subject.
Personally, I wouldn't trust it.
If you need to run software a lot that requires root access, may as well
log in as root and get everything done and only that (though I
understand there may be security issues with XWindows running as root.)
Basic rule is: if security is really that important to you, don't do
anything fancy.
--
Fred -- fred at lrc.puissante.com -- place "[hey]" in your subject.
There are inflows and outflows -- and you're just a little node.
More information about the gnhlug-discuss
mailing list