On 15/10/2007, Joe Morris (NTM) <[EMAIL PROTECTED]> wrote: > On 10/15/2007 08:08 PM, Anders Damm wrote: > > Yes, but you have to type the root password before the actual installation > > takes place. > > It's relay a bit confusing and looks strange! > > > I guess I should just try and see, but since the first screen said > something about adding repositories and or deleting these afterwards, > does this also later prompt for a root password before it actually does > anything? I double checked and yast was running as my user, not root, > so I guess this was my own confusion and paranoia, and not a security > hole. Sorry for the false alarm.
It is necessary to display what will be done to the user prior to requesting root privileges. If root password were asked for immediately then you are passing arbitrary input that the user has not been able to review, straight to a process running as root. This way it's less likely that something malicious could damage the system without the user noticing. -- Benjamin Weber -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
