From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Craven Subject: Re: kdesu security update needed Date: Thu, 29 Sep 2016 20:35:53 +0200 Message-ID: References: <20160929152353.GA6330@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37739) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bpgBe-0006mP-8a for guix-devel@gnu.org; Thu, 29 Sep 2016 14:36:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bpgBZ-0004xB-8K for guix-devel@gnu.org; Thu, 29 Sep 2016 14:36:01 -0400 Received: from mail-yw0-x22f.google.com ([2607:f8b0:4002:c05::22f]:35999) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bpgBY-0004vT-20 for guix-devel@gnu.org; Thu, 29 Sep 2016 14:35:57 -0400 Received: by mail-yw0-x22f.google.com with SMTP id t67so54514292ywg.3 for ; Thu, 29 Sep 2016 11:35:54 -0700 (PDT) In-Reply-To: <20160929152353.GA6330@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel > David, since you added all the KDE packages, can you look into this bug > and see what we need to do to protect against it? They have a vendored kdesu. The source files look pretty different now, and I'm having a little trouble seeing if the problem is in kde kdesu or just kde-cli-tools kdesu. From what I can tell the source has diverged and the problem seems to be with the cli client they wrote for the kdesu deamon or something like that. Don't know if this is a satisfying answer...