KDE6 release: D-Bus and Polkit Galore

the actual end user security could get the same love.<p>the privilege escalation dialog is mostly a windows 10 copy, but just shows: allow dbus.something.something&quot;? the name is always meaningless and have no parameters. and there&#x27;s zero way to get more information. windows at least shows the binary or PowerShell command plus the arguments.

I don&#x27;t know much about openSUSE, but it&#x27;s nice to see the security effort that goes on before importing a large update like KDE6.

I&#x27;m positively surprised someone is looking at all so deeply into potential desktop local privescs, I just assumed the extreme complexity of your average default plasma desktop vs. the relative few users, meant it is probably full of vulnerabilities just not worth the effort of finding them.

Why was this not done with RAII - <a href="https:&#x2F;&#x2F;invent.kde.org&#x2F;frameworks&#x2F;kauth&#x2F;-&#x2F;commit&#x2F;fc70fb0161c1b9144d26389434d34dd135cd3f4a" rel="nofollow">https:&#x2F;&#x2F;invent.kde.org&#x2F;frameworks&#x2F;kauth&#x2F;-&#x2F;commit&#x2F;fc70fb0161c...</a> - if there was an exception between here<p><pre><code> QVariantMap args; QDataStream s(&amp;arguments, QIODevice::ReadOnly); s &gt;&gt; args; </code></pre> Then it won&#x27;t restore the global. Also ... global ugh

These sorts of articles reaffirms to me that there is a dire need to switch to capability based security models. Managing the security with the set of tools we have available in the legacy model leaves lots of room for error.

The update doesn&#x27;t seem too bad - but I did (initially) make the mistake of calling zypper from within KDE, which leads to a crash and leaves the system in an invalid state.<p>(ctrl+alt+f4 from the login screen allows you to get to a command line without starting KDE, and that allows for the upgrade to complete.)<p>I do think that this shouldn&#x27;t be allowed; zypper should exit gracefully and inform the user how to safely perform the upgrade.

I hesitate to use the word &#x27;bloat&#x27;, but ever since DKE4 with that Avahi service or whatever it was, that&#x27;s the impression I&#x27;ve had of KDE. It almost feels like a separate OS on top of an OS.<p>I guess it&#x27;s just not for me. About a year ago I discovered AwesomeWM and just how flexible and configurable it is - I can truly have a 100% completely customized desktop down to every detail.<p>Even without that though I&#x27;d probably opt for something like XFCE if I wanted something with a desktop and taskbar. There&#x27;s just no good reason a desktop has to be as heavy as more popular options. Even the Windows desktop isn&#x27;t as heavy.