Call for help: possible race conditions in KAuth
Luca Beltrame
lbeltrame at kde.org
Wed Jul 16 14:15:02 UTC 2014
When submitting KAuth to openSUSE, the SUSE security team found possible race
conditions that could lead to security issues[1].
I'm writing here because until these issues are solved, KAuth will not be
accepted into openSUSE.
The second reason I'm posting this here is because it seems people involved
with KAuth are not reachable:
- security at ko was contacted without an answer;
- other KDE people including drf were contacted without a response.
Some discussion was raised with Martin Briza (CC'ed just in case, so he may
provide some insight, at least) with regard to polkit-qt-1 issues which were
(to my understanding) fixed.
I can say I cannot fix this at all (I can write C++, but I have neither the
skill nor the time to fix what's needed here), and therefore this is a cry for
help to see at least the identification of the issue and a fix or workaround,
or just an explanation why this is not an issue.
I think this is quite important as KAuth is a security-related framework.
[1] https://bugzilla.novell.com/show_bug.cgi?id=864716#c41
--
Luca Beltrame - KDE Forums team
KDE Science supporter
GPG key ID: 6E1A4E79