On Tue, Mar 14, 2017 at 02:52:26PM +0100, Maximiliano Curia wrote: > Control: tag -1 + wontfix > > ¡Hola Éter! > > El 2017-02-01 a las 21:41 +0100, Éter escribió: > > Package: kde-cli-tools Version: 4:5.8.4-1 Severity: normal > > > The binary "/usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu" included in > > package kde-cli-tools is not linked to any of the PATH directories. This > > way we can't execute the program directly from the terminal. > > > It would be good to have the binary symlinked to /usr/bin > > kdesu is not as secure as we would like it to be, mostly due to X (see > https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root/ for > example). It's currently sort of deprecated upstream and a replacement is in > the works (probably based on policykit). As such I really don't want to > attract more users to kdesu.
Hello Maximiliano, kdesu was in /usr/bin for a long time, so it is not like people do not know about it. Further being in /usr/lib/* does not prevent bad actors to use it or to trick users to use it, so it is not a security improvement. It is more than ten years since a policykit was proposed as a solution but it has never materialised and is unlikely to provide a kdesu alternative that does not have the same issues. The only result is that su-to-root cannot use kdesu anymore and so it defaults to something even less secure. Cheers, -- Bill. <ballo...@debian.org> (su-to-root maintainer) Imagine a large red swirl here.
