<table><tr><td style="">graesslin added inline comments.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D4997" rel="noreferrer">View Revision</a></tr></table><br /><div><strong>INLINE COMMENTS</strong><div><div style="margin: 6px 0 12px 0;"><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D4997#inline-21316" rel="noreferrer">View Inline</a><span style="color: #4b4d51; font-weight: bold;">subdiff</span> wrote in <span style="color: #4b4d51; font-weight: bold;">authenticator.h:63</span></div>
<div style="margin: 8px 0; padding: 0 12px; color: #74777D;"><p style="padding: 0; margin: 8px;">Can we only use the enum class in Authenticator, instead of duplicating it here?</p></div></div>
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">I don't like using enums defined in other classes. But moving it a level up into the namespace would be an option.</p></div></div><br /><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D4997#inline-21324" rel="noreferrer">View Inline</a><span style="color: #4b4d51; font-weight: bold;">subdiff</span> wrote in <span style="color: #4b4d51; font-weight: bold;">kcheckpass.c:394</span></div>
<div style="margin: 8px 0; padding: 0 12px; color: #74777D;"><p style="padding: 0; margin: 8px;">Shouldn't we test this before we write the result to the socket (and then write an error as result)?</p></div></div>
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">No, we need to support the setuid case. It is used by bsds and slackware. So we need to support general authentication. The break here is more a better safe than sorry thingy. Technically it would support the long running also in setuid. But I don't trust the code. So to decrease the attack surface we do an early exit.</p></div></div></div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D4997" rel="noreferrer">https://phabricator.kde.org/D4997</a></div></div><br /><div><strong>To: </strong>graesslin, Plasma<br /><strong>Cc: </strong>subdiff, plasma-devel, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol<br /></div>