Bug#853899: [kde-cli-tools] kdesu binary is not linked in any PATH directory
On Tue, Mar 14, 2017 at 02:52:26PM +0100, Maximiliano Curia wrote:
> Control: tag -1 + wontfix
>
> Hello Éter!
>
> On 2017-02-01 at 21:41 +0100, Éter wrote:
> > Package: kde-cli-tools
> > Version: 4:5.8.4-1
> > Severity: normal
>
> > The binary "/usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu" included in
> > package kde-cli-tools is not linked to any of the PATH directories. This
> > way we can't execute the program directly from the terminal.
>
> > It would be good to have the binary symlinked to /usr/bin
>
> kdesu is not as secure as we would like it to be, mostly due to X (see
> https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root/ for
> example). It's currently sort of deprecated upstream and a replacement is in
> the works (probably based on policykit). As such I really don't want to
> attract more users to kdesu.

Hello Maximiliano,

kdesu was in /usr/bin for a long time, so it is not like people do not
know about it. Further, being in /usr/lib/* does not prevent bad actors
from using it or from tricking users into using it, so it is not a security
improvement.

It is more than ten years since a policykit was proposed as a solution
but it has never materialised and is unlikely to provide a kdesu
alternative that does not have the same issues.

The only result is that su-to-root cannot use kdesu anymore and so
it defaults to something even less secure.

Cheers,
--
Bill. <ballombe@debian.org> (su-to-root maintainer)
Imagine a large red swirl here.