Bug#478274: What about fixing this bug?
Eric Valette wrote:
> Eric Valette wrote:
>> Sune Vuorela wrote:
>>> On Tue, 24 Jun 2008 12:58:25 +0200, Eric Valette <eric.valette@free.fr>
>>> wrote:
>>>> Can annyone care to fix real bug ;-)
>>> Sorry. We are too busy with closing all your non-bugs.
>> You bloody arrogant idiot! No being able to login once the automtic
>> screen saver start and asks for a password is not a bug? You have to
>> become root and kill the process. Not really safe in a business environment!
>
> And BTW the same bug cause the same problem with LDAP user management if
> you think NIS is just too old. And the answer was just the same: who
> cares for non corparate environment.
>
> Bug was #298148.
In addition, you should probably read kcheckpass man page before saying
it was not intended to be setuid root:
KCheckPass is KDE's authentication program. It is meant to be used by
any software in need of user authentication, most notably screensavers.
It enhances security be the following means:
- It's only a small program, which is hopefully simple
enough to allow it to be SUID root. Setting it to SUID root is
necessary on Shadow Password systems.
- No other program in need of user authentication, must be
SUID root.
- It provides a single implementation to check passwords. So
one only must take a closer look at KCheckPass to ensure password
security. It's much easier for programs using KCheckPass to preserve
security.
Reply to: