For your comfort, KDE su implements a “keep password” feature. If you are interested in security, you should read this paragraph.
Allowing KDE su to remember passwords opens up a (small) security hole in your system. Obviously, KDE su does not allow anybody but your user id to use the passwords, but, if done without caution, this would lower root's security level to that of a normal user (you). A hacker who breaks into your account would get root access. KDE su tries to prevent this. The security scheme it uses is, in my opinion at least, reasonably safe and is explained here.
KDE su uses a daemon, called kdesud. The daemon listens on a UNIX® socket in /tmp for commands. The mode of the socket is 0600 so that only your user id can connect to it. If password keeping is enabled, KDE su executes commands through this daemon. It writes the command and root's password to the socket and the daemon executes the command using su, as described before. After this, the command and the password are not thrown away. Instead, they are kept for a specified amount of time. This is the timeout value in the control module. If another request for the same command comes within this time period, the client does not have to supply the password. To keep hackers who broke into your account from stealing passwords from the daemon (for example, by attaching a debugger), the daemon is installed set-group-id nogroup. This should prevent all normal users (including you) from getting passwords from the kdesud process. Also, the daemon sets the DISPLAY environment variable to the value it had when it was started. The only thing a hacker can do is execute an application on your display.
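The socket protection described above can be illustrated with the following added example, which is not kdesud's own code: one function creates a UNIX socket that is mode 0600 from the moment it exists, and another performs the check a client would want before writing a password to it. The function names and the /tmp/kdesud_demo_ path are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE 1
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a UNIX socket that is mode 0600 from the moment it exists: umask is
 * tightened before bind(), leaving no window in which others could connect. */
int create_private_socket(const char *path)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    if (strlen(path) >= sizeof(addr.sun_path)) return -1;
    strcpy(addr.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    mode_t old = umask(0177);              /* new files: rw------- at most */
    int rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);
    if (rc < 0 || listen(fd, 4) < 0) { close(fd); return -1; }
    return fd;
}

/* Client-side check before a password is written: the path must be a socket,
 * owned by the caller, with no group/other bits. Returns 1 if acceptable. */
int socket_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;   /* lstat: never follow a symlink */
    return S_ISSOCK(st.st_mode) && st.st_uid == geteuid() && !(st.st_mode & 077);
}

/* Constructed demo in a throwaway directory: returns 0 if the private socket
 * is accepted and a loosened socket and a non-socket are both rejected. */
int run_demo(void)
{
    char dir[] = "/tmp/kdesud_demo_XXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    strcpy(path, dir);
    strcat(path, "/sock");
    int fd = create_private_socket(path);
    if (fd < 0) { rmdir(dir); return -1; }
    int tight = socket_is_private(path);
    chmod(path, 0666);                     /* simulate a misconfigured socket */
    int loose = socket_is_private(path), notsock = socket_is_private(dir);
    close(fd); unlink(path); rmdir(dir);
    return (tight == 1 && loose == 0 && notsock == 0) ? 0 : 1;
}
int main(void) { return run_demo(); }
```

POSIX does not require that permissions on a socket file be enforced, and some older BSD systems ignore them, so portable code also places the socket in a directory that only the user can enter, as the demo does with mkdtemp().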
One weak spot in this scheme is that the programs you execute are probably not written with security in mind (as setuid root programs are). This means that they might have buffer overruns or other problems and a hacker could exploit those.
The use of the password keeping feature is a tradeoff between security and comfort. I encourage you to think it over and decide for yourself if you want to use it or not.