https://bugs.kde.org/show_bug.cgi?id=452532

--- Comment #18 from Ahmad Samir <a.samir...@gmail.com> ---
(In reply to Matthew Forrester from comment #17)
> The Debian maintainer suggested altering the kdesu package to make kdesu use
> the workaround: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011624#10
> 
> I do not know how bad a security hole that would be.

https://salsa.debian.org/sudo-team/sudo/-/commit/59db341d46aa4c26b54c1270e69f2562e7f3d751

sudo (1.9.5p2-3) unstable; urgency=medium

  We have added "Defaults use_pty" to the default configuration. This fixes
  CVE-2005-4890 which has been lingering around for more than a decade.
  If you would like the old behavior back, please remove the respective line
  from /etc/sudoers.


Let me preface this by stating that I am not an expert on security; however, I
would say that kdesu should not ship a /etc/sudoers.d/kdesu file with
"Defaults!/usr/lib/*/libexec/kf5/kdesu_stub !use_pty" (mentioned in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011624#10) to circumvent a
sudo setting/option.

That sounds like a local hack; you could do it on your own system if you think
it doesn't matter, but we can't force it on everyone else's systems. (And if it
doesn't matter or is not important, why was that setting enabled by default in
sudoers in Debian?)
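
An added example, not part of the original comment and not code from sudo, kdesu or Debian: a small Python check that lists every `Defaults` entry touching `use_pty` and flags scoped exemptions such as the drop-in discussed above. The file contents are constructed from the lines quoted in this thread, the function names are hypothetical, and the parser assumes a single space-free scope token after `Defaults`.

```python
import re

# Constructed sample: Debian's global default plus the drop-in proposed in the
# Debian bug report quoted above (path -> file text).
SAMPLE = {
    "/etc/sudoers": "Defaults\tenv_reset\nDefaults\tuse_pty\n",
    "/etc/sudoers.d/kdesu": "# kdesu workaround\n"
        "Defaults!/usr/lib/*/libexec/kf5/kdesu_stub \\\n    !use_pty\n",
}

# "Defaults", an optional binding (! command, : user, @ host, > runas) that
# follows with no whitespace, then the comma-separated settings.
DEFAULTS = re.compile(r"^Defaults([!:@>]\S+)?\s+(.*)$")

def logical_lines(text):
    """Join backslash-continued lines; drop blanks and '#' lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        # '#include'-style directives also start with '#'; not needed here.
        if line and not line.startswith("#"):
            yield line

def use_pty_settings(files):
    """Return (path, scope, enabled) for each Defaults entry touching use_pty."""
    found = []
    for path, text in files.items():
        for line in logical_lines(text):
            m = DEFAULTS.match(line)
            if not m:
                continue
            scope = m.group(1) or "global"
            for item in m.group(2).split(","):
                flag = re.fullmatch(r"(!?)\s*use_pty", item.strip())
                if flag:
                    found.append((path, scope, flag.group(1) == ""))
    return found

def pty_exemptions(files):
    """Scoped entries that switch use_pty back off for a command/user/host."""
    return [(p, s) for p, s, on in use_pty_settings(files)
            if not on and s != "global"]

if __name__ == "__main__":
    for path, scope in pty_exemptions(SAMPLE):
        print(f"{path}: use_pty disabled for {scope}")
```

On a real system the dictionary would be filled from `/etc/sudoers` and the files under `/etc/sudoers.d/`, which requires root to read.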
