--- Comment #53 from Bo Weaver <> ---
(In reply to Antonio Rojas from comment #51)
> (In reply to Bo Weaver from comment #50)
> > Created attachment 112015 [details]
> > Screen Shot
> > 
> > When using kate from the CL you get this in the error.
> > 
> > "Executing Kate as root is not possible. To edit files as root use:
> > SUDO_EDITOR=kate sudoedit <file>"
> > 
> > In many of the blogs it says to use this method.  The method doesn't work. 
> > Please see attached screen shot as evidence.
> You are *still* trying to run it as root. You're supposed to do that as a
> regular user. But in any case, that is obsolete, with a recent enough
> ktexteditor you can edit root owned files by running kate as a regular user.

Dear Antonio Rojas

Clearly you didn't *read* my other posts.  You also didn't read my posts on the
kate flaw thread either.  Of course I am *still* looged in as root.  There are
use cases where you *must* be logged in as root to preform your work properly. 
Pen Testing is one of these cases.  As a security researcher, pen tester,
Assessor, and Security Analyst for almost 30 years.  I must ask "How do you
test your code???"  Do you only use autmomated testing.  Clearly you do use the
defacto industry standard disto (Kali) for pen testing to do manual testing of
your code or you would understand the need for root access to applications.  If
you are not manually testing your code with the manual tools used on a daily
basis by hackers then this is a greater security risk than having Kate of
Dolphin running as root.  This is an EPIC FAIL on your part.  Please remember
Mr. Coder I do this for a living.  You have failed your assessment.  Your reply
has just shown KDE developers are not properly manually auditing their code.

Let's talk about the attachment I sent in.  The error says use SUDO_EDITOR. 
Well what if sudo is set up to be run with NO PASSWORD if an attacker gains
access to the system under a normal user with sudo rights then this command can
be ran and root access gained through the embeded Konsole without the use of a
PASSWORD!  AWS systems the ubuntu account is set up in this manner.  So your
work around is more dangerous than what you are attempting to fix.  So you have
"fixed" nothing only broken the application from normal use.

I hate to repost but since you didn't read my reply on the other thread here it
is again.

Here's a BIG technical reason for this to be changed back.

Root is a "system level" account not a user account under control of the OS and
not the desktop.  Root is to have full access to every process and application.
 This has been a UNIX standard since the 1970's.  KDE is NOT a system level
process.  KDE is a desktop which runs in the Presentation and Application of
the OSI model (You guys have heard of the 7 layers of the OSI model?)  The root
account is part of the System layer of this model.  When developing and
application the developer is not to screw with the system functions.  These
embedded flaws do just that by breaking root access to these bineries. 

Here's a suggestion...  Why don't developers take some courses in Linux Systems
Engineering and learn the rules and standards that the operating systems are
built by?  Clearly you all are not engineers or this would not be a problem and
I would not be writing all this.  Take time to learn the OSI model that
operating systems are designed by. 

One reason I was told for this change was Wayland now runs in the user space. 
Yes this is the case when logged in under a normal user account the compositor
runs under that account.  When logged in under a root account this is not the
case the compositor then runs under the root account just fine.  Download a
copy of Kali the the Gnome DE and you'll see Wayland does run under root when
you are root.  So this reason is flawed.

I have yet to get a reply on any of this from you all.

Again I am the guy you are attempting to "keep out" of your processes and again
I will say this.  If I have hacked a box and have a normal users access I am
not going to attempt to hack a running kate of dolphin process running under
PROCESS!  I will attempt to hijack a running SYSTEM PROCESS not a user

And again I write this below.  sorry to keep repeating myself but you all don't
seem to be listening.

People like myself that must be logged in as root for work understand the risk
and are careful and parinod while in root.  They also understand the risk and
if anything bad happens they assume the risk.  As people like myself only work
under the root account to only do the work needed and then change to a normal
user account for normal use.  I don't need you to hold my hand and keep me

Also I don't need someone who is not a qualified pen tester trying to "educate"
me in my job or my work flow.  Your a coder NOT a security person.  Please quit
peeing in my pond and I will not pee in yours.

Yes I know I am being *rude* again well Mr. Rojas don't be rude and *read* what
I have written and *don't* talk down to me like I am a noobie fool.

It is strange I keep getting noob replies on how to work but I have yet to get
techinical responses to the techinical issues I have raised here.

You are receiving this mail because:
You are watching all bug changes.

Reply via email to