Date: Mon, 22 Oct 2001 10:31:04 +0100
From: Rasputin
To: security@freebsd.org
Subject: Re: KCheckPass -- make it setuid root or not?

* nuzrin yaapar [011019 18:50]:
> On Saturday 20 October 2001 1:07 am, Will Andrews wrote:
> > On Fri, Oct 19, 2001 at 12:07:06PM -0500, Will Andrews wrote:
> > > OK, so I keep getting mail every now and then from people who
> > > can't figure out why kcheckpass / kscreensaver won't authenticate
> > > their password(s). It's because I decided to play it safe and
> > > made kcheckpass non setuid root, which it needs in order to call
> > > getpwnam().
> > >
> > > But now I'm tired of getting these emails from people who don't
> > > notice the message that kdebase spouts about it. I want to know
> > > if people think it's a safe "risk" to give kcheckpass setuid root
> > > privileges so it Just Works(tm) when people try KDE.

> So, I think it's better to have setuid root for kcheckpass. Most people won't
> notice the message, unless they have nothing to do and decided to watch the
> whole compilation/installation process. Most of us just 'cd
> /usr/ports/x11/kde2 && make install clean' and leave it overnight to finish.
> Next morning when kde2 installation has finished...the message has long
> scrolled past the screen and lost....

Surely a lot of ports have a target to allow you to print a message
at the end of the build (usually after the install target) -
if you point it out at that stage, there's no excuse for not
reading it, I guess
(/usr/ports/x11/eterm does this if you need to check how it's done)

-- 
Necessity is a mother.
Rasputin :: Jack of All Trades - Master of Nuns ::