On Sat, Oct 15, 2022 at 9:29 PM Albert Astals Cid <aa...@kde.org> wrote:
>
> On Friday, 14 October 2022, at 10:34:04 (CEST), Harald Sitter wrote:
> > On Thu, Oct 13, 2022 at 10:32 PM Albert Astals Cid <aa...@kde.org> wrote:
> > > On Thursday, 13 October 2022, at 1:03:53 (CEST), Harald Sitter wrote:
> > > > On Thu, Oct 13, 2022 at 12:46 AM Albert Astals Cid <aa...@kde.org> wrote:
> > > > > Did I misunderstand the code? It looks like this runs all of kio with
> > > > > root powers?
> > > >
> > > > That is correct
> > >
> > > That feels like a reasonably big no-no with my security hat.
> > >
> > > I'm relatively sure we have not audited all of KIO and its dependencies
> > > to be "running as root"-safe.
> >
> > It is scary to be sure, but then the user has to opt into shooting in the
> > foot.
>
> How much of that opt-in message mentions potential security issues?

None. Just like with kdesu and kdesudo it's merely by virtue of the
authentication dialog that the user opts into any security concerns.

HS
