Radoslav DejanoviÄ? wrote:

> It does pose some risk,
> however, for it might allow unprivileged user to take a look at some data
> that should be hidden from the user (for example, you can look at firewall
> settings but can't make changes).

But if the user is allowed to read this file (eg. somewhere in /etc)
through Yast, then he can read it anyway, let's say through less.

> On the other hand, you can start yast from console with -firewall switch
> and have a peek at the settings (still can't make changes), so this isn't
> KDE fault but flaw in yast itself. It would be wise to add some paranoia
> to yast so it won't show sensitive data to unprivileged user.

Which is a bad idea, since it merely hides the problem.

-- Matthias

--
Brain-Log http://matthias.leisi.net/

[ reply ]