Results 1 to 5 of 5

Thread: Yast / KDE Security Problem

  1. #1

    Default Yast / KDE Security Problem

    I have noticed in Open SUSE 11 that when I run Yast in KDE (after providing the root password) I can close Yast, and still open and close Yast as many times as I want without entering a password as long as I am still logged in.

    This seems like a major security flaw, but it still happens even after running the latest patches.

    Has anyone else noticed this behavior?

  2. #2

    Default Re: Yast / KDE Security Problem

    If you've checked the remember password check box in KDE su then it remembers the password for 5 minutes or so. If you launch yast again that timer refreshes I think.

  3. #3
    Join Date
    Jun 2008
    Location
    where I am is where I am
    Posts
    1,164

    Default Re: Yast / KDE Security Problem

    Yes I've done this it is 5 minutes & it does refresh after each reuse of yast. It isn't a flaw it's your,"Oh I almost forgot protection."
    I'm just a curious cat
    My 64 bit: RADEON RX 570 |CPU AMD - Ryzen 5 1600
    MOTHERBOARD B450M D53H GGABYTE
    Opensuse Tumbleweed Plasma 5

  4. #4

    Default Re: Yast / KDE Security Problem

    OK you're right, it does go away after about 5 minutes. I assumed it was a bug, because I always used to get a crash in KDE after configuring Kinternet and the KDE crash handler would come up. This has been fixed through updates. I always associated the crash with no log in to get back into Yast.

    I just assumed it was a bug, because I was never asked if I wanted to keep Yast open for 5 minutes after logging in, and usually Suse is good about bringing things like that to your attention.

    I still think it's unnecessary though, and would prefer not to have this option.

  5. #5

    Default Re: Yast / KDE Security Problem

    I think you can uncheck the box and it will no longer behave this way.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •