<table><tr><td style="">chinmoyr updated this revision to Diff 25215.<br />chinmoyr edited the summary of this revision. <a href="https://phabricator.kde.org/transactions/detail/PHID-XACT-DREV-uvhgudfipddwfy5/" rel="noreferrer">(Show Details)</a><br />chinmoyr added a comment.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D6709" rel="noreferrer">View Revision</a></tr></table><br /><div><div><p>Summary update</p></div></div><br /><div><strong>CHANGES TO REVISION SUMMARY</strong><div><div style="white-space: pre-wrap; color: #74777D;"><span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">Some methods in file ioslave, `FileProtocol::copy` and FileProtocol::put to be precise, use file descriptor of source and destination files</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">When reading or writing a file with elevated privileges the helper will<br />
open the required file (with elevated privileges) and it will share the<br />
open file descriptor with file ioslave</span>. S<span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">o performing any these operations as root user using kauth's helper requires the source or destination file to be opened inside the helper and sending the file descriptor back to ioslave using a suitable IPC mechanism.<br />
<br />
My patch does the task using unix local domain socket.</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">ince the file referred to by the<br />
shared file descriptor was opened by a privileged process,</span> <span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">In principal dbus can also be used. The sequence would be, registering service in ioslave, setting `euid` of the helper process and sending the file descriptor over user's session bus.</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">file ioslave<br />
which is a normal user process will be able to modify the file.<br />
<br />
This patch adds two classes,</span> <span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">I tried it but the code turned out messy</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">FdSender and FdReceiver</span>. <span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">In the end it was somewhat a personal preference.<br />
<br />
There are certain things I would like to know regarding this patch,</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">And as their</span><br />
<span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">In this patch I used the abstract namespace. It will work with linux but I don't know about mac os or bsd. So what to use for them?</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">name suggest they facilitate sending and receiving of an open file</span><br />
<span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">In place of unix sockets, dbus can also be used. So shall i use it ? I am aware there are security issues with both the approaches but using which one of them is less riskier?</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">descriptor between a privileged and a normal process.</span></div></div></div><br /><div><strong>REPOSITORY</strong><div><div>R241 KIO</div></div></div><br /><div><strong>CHANGES SINCE LAST UPDATE</strong><div><a href="https://phabricator.kde.org/D6709?vs=24577&id=25215" rel="noreferrer">https://phabricator.kde.org/D6709?vs=24577&id=25215</a></div></div><br /><div><strong>BRANCH</strong><div><div>master</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D6709" rel="noreferrer">https://phabricator.kde.org/D6709</a></div></div><br /><div><strong>AFFECTED FILES</strong><div><div>src/ioslaves/file/CMakeLists.txt<br />
src/ioslaves/file/fdreceiver.cpp<br />
src/ioslaves/file/fdreceiver.h<br />
src/ioslaves/file/kauth/fdsender.cpp<br />
src/ioslaves/file/kauth/fdsender.h<br />
src/ioslaves/file/sharefd_p.h</div></div></div><br /><div><strong>To: </strong>chinmoyr, thiago, Frameworks, dfaure<br /><strong>Cc: </strong>dfaure, davidedmundson, elvisangelaccio, shortstheory<br /></div>