kio-admin in kdereview
Harald Sitter
sitter at kde.org
Sun Oct 16 18:57:25 BST 2022
On Sat, Oct 15, 2022 at 9:29 PM Albert Astals Cid <aacid at kde.org> wrote:
>
> El divendres, 14 d’octubre de 2022, a les 10:34:04 (CEST), Harald Sitter va
> escriure:
> > On Thu, Oct 13, 2022 at 10:32 PM Albert Astals Cid <aacid at kde.org> wrote:
> > > El dijous, 13 d’octubre de 2022, a les 1:03:53 (CEST), Harald Sitter va
> > >
> > > escriure:
> > > > On Thu, Oct 13, 2022 at 12:46 AM Albert Astals Cid <aacid at kde.org>
> wrote:
> > > > > Did I misunderstood the code? It looks like this run all of kio with
> > > > > root
> > > > > powers?
> > > >
> > > > That is correct
> > >
> > > That feels like a reasonably big no no with my security hat.
> > >
> > > I'm relatively sure we have not audited all of KIO and it's dependencies
> > > to be "running as root"-safe.
> >
> > It is scary to be sure, but then the user has to opt into shooting in the
> > foot.
>
> How much of that opt in message mentions potential security issues?
None. Just like with kdesu and kdesudo it's merely by virtue of the
authentication dialog that the user opts into any security concerns.
HS
More information about the kde-core-devel
mailing list