
Bug#853899: [kde-cli-tools] kdesu binary is not linked in any PATH directory



On Tue, Mar 14, 2017 at 02:52:26PM +0100, Maximiliano Curia wrote:
> Control: tag -1 + wontfix
> 
> Hello Éter!
> 
> On 2017-02-01 at 21:41 +0100, Éter wrote:
> > Package: kde-cli-tools
> > Version: 4:5.8.4-1
> > Severity: normal
> 
> > The binary "/usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu" included in
> > package kde-cli-tools is not linked to any of the PATH directories. This
> > way we can't execute the program directly from the terminal.
> 
> > It would be good to have the binary symlinked to /usr/bin
> 
> kdesu is not as secure as we would like it to be, mostly due to X (see
> https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root/ for
> example). It's currently sort of deprecated upstream and a replacement is in
> the works (probably based on policykit). As such I really don't want to
> attract more users to kdesu.

Hello Maximiliano,
kdesu was in /usr/bin for a long time, so it is not like people do not
know about it. Further, being in /usr/lib/* does not prevent bad actors
from using it or from tricking users into using it, so it is not a security improvement.

It is more than ten years since a policykit was proposed as a solution
but it has never materialised and is unlikely to provide a kdesu
alternative that does not have the same issues.

The only result is that su-to-root cannot use kdesu anymore and so
it defaults to something even less secure.

Cheers,
-- 
Bill. <ballombe@debian.org> (su-to-root maintainer)

Imagine a large red swirl here. 