Web lists-archives.com

Re: Suggestion to Remove KFloppy and hold back K3b




Am 2017-02-16 16:56, schrieb Reindl Harald:
Am 16.02.2017 um 16:51 schrieb Martin Gräßlin:
Am 2017-02-16 09:16, schrieb Reindl Harald:
Am 16.02.2017 um 06:28 schrieb Martin Gräßlin:
Even xlib and xcb hardly protect against a malicious X server. And we
just cannot assume any more that X is running as root

really? i fear before we see X11 running without root in the wild it's
replaced by wayland....

Sorry, but this is really a bad argument. This is exactly the push-back
we get which I talked about during my presentation at QtCon. When
someone tries to make the system more secure, people are actively
pushing back with stupid and wrong arguments. We as a community make the
NSA's job easier. We should be ashamed of us!

Now to your argument. Fedora ships Wayland in the wild. So what exactly is your point? KFloppy also works on GNOME. Should we not consider GNOME
users for the security aspect?

you got me completly wrong

i only criticized "we just cannot assume any more" because i don't see
that on my machines running KDE  and running Fedora 24 can't be
considered as old software when F25 is realsed just a few weeks ago

Then switch to a login manager which supports root-less X. It's all there, I have investigated issues with Qt 4 years ago as Fedora/GNOME switched to it.

But this is totally offtopic. The point is: DON'T RUN GUI APPS AS ROOT!

Cheers
Martin