Yast / KDE Security Problem

I have noticed in Open SUSE 11 that when I run Yast in KDE (after providing the root password) I can close Yast, and still open and close Yast as many times as I want without entering a password as long as I am still logged in.

This seems like a major security flaw, but it still happens even after running the latest patches.

Has anyone else noticed this behavior?

If you’ve checked the remember password check box in KDE su then it remembers the password for 5 minutes or so. If you launch yast again that timer refreshes I think.

Yes, I’ve done this; it is 5 minutes, and it does refresh after each reuse of yast. It isn’t a flaw, it’s your “Oh I almost forgot protection.” :wink:

OK, you’re right, it does go away after about 5 minutes. I assumed it was a bug, because I always used to get a crash in KDE after configuring Kinternet and the KDE crash handler would come up. This has been fixed through updates. I always associated the crash with no log in to get back into Yast.

I just assumed it was a bug, because I was never asked if I wanted to keep Yast open for 5 minutes after logging in, and usually Suse is good about bringing things like that to your attention.

I still think it’s unnecessary though, and would prefer not to have this option.

I think you can uncheck the box and it will no longer behave this way.