ksmarttray and updates
Andreas Hanke
andreas.hanke at gmx-topmail.de
Fri Aug 11 23:53:49 PDT 2006
Hi,
Stephen Boddy schrieb:
> Well with 62 lines of c, 27 of which are comments or blank, leaving just 35
> lines of actual code, it shouldn't be the hardest program to audit ;-)
You don't need to convince me ;-)
What would make sense from a usability point of view is:
a) Make smart-update 4755;
b) Remove X-KDE-SubstituteUID from ksmarttray.desktop so it doesn't ask
for the root password on each startup;
c) Maybe move smart-update into the ksmarttray RPM to make sure that
it's installed only on those systems where it's actually used.
smart-update doesn't seem to be used by anything else than ksmarttray.
That's the way it is intended to be (as far as I know) and, assuming
that smart-update is safe for 4755, it could be even more secure than
the current solution because the user would no longer be tempted to run
ksmarttray itself as root.
You or someone else can always request that at bugzilla.novell.com, the
worst thing that can happen is that it's rejected.
Andreas Hanke
More information about the Smart
mailing list