5648 – kppp allows any user to change global settings

Bug 5648 - kppp allows any user to change global settings

Summary: kppp allows any user to change global settings

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	kdenetwork
Sub Component:
Version:	6.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Preston Brown
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-10-06 17:56 UTC by tango
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-01-17 18:39:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description tango 1999-10-06 17:56:39 UTC

kppp is actually a soft link: /usr/bin/kppp -> consolehelper
Consolehelper asks for root password and then executes
/sbin/kppp with root privileges. The problem is that, with
this security method, when you modify your kppp
configuration, you're NOT modifying
$HOME/.kde/share/config/kppprc but
/root/.kde/share/config/kppprc and this file is overwritten
by *any* user with his/her own configuration.

Comment 1 Preston Brown 2000-01-17 18:39:59 UTC

fixed for next release.

Note You need to log in before you can comment on or make changes to this bug.