D-BUS required changes in KDE 4
Thiago Macieira
thiago at kde.org
Fri May 26 21:18:37 BST 2006
Olivier Goffart wrote:
>Maybe it's just a stupid idea, i have not lot of knowledge in the dbus
> and kdesu mechanism.
>
>But is that possible that the kdesu program do a bridge ?
>App1 <---DBus---> kdesu <---DBus---> App2
In theory, yes. In practice, it would require me to write the peer-to-peer
mode of D-BUS (currently not implemented in QtDBus) or relay the actual
socket data.
>Or maybe add an auth mechanism in DBus, using a shared cookie. (didn't
> you tell me it will be required in Windows ?)
This is what I had in mind when I trying to find a solution with the D-BUS
developers. So if connection from a different UID is required, a shared
cookie will probably be the way.
Stephan Kulow wrote:
>Hmm, how much did we use that feature anyway? I can't really see a lot
> that a kdesu'd program commicates back. After all I can "sudo
> konqueror" too
This happens often in the KCMs: the Administrator button will launch kdesu
and run kcmshell with a root UID and embed it in your KControl window.
But it begs the question: do we really need the entire GUI to be run as a
privileged user?
As for "sudo konqueror", this will actually fail, since the value of
DBUS_SESSION_BUS_ADDRESS will be passed on to the other user, and it'll
try to connect to your session bus.
If it weren't root, it probably wouldn't be able to connect to the X
server, actually. (Not able to read ~/.Xauthority)
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | Sandakerveien 116,
E067 918B B660 DBD1 105C | NO-0402
966C 33F5 F005 6EF4 5358 | Oslo, Norway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060526/2d162165/attachment.sig>
More information about the kde-core-devel
mailing list