Integrate high privileges in KIO and GHNS

Nicola Gigante nicola.gigante at gmail.com
Fri Aug 21 09:21:00 BST 2009


Il giorno 21/ago/09, alle ore 01:17, Dario Freddi ha scritto:

> Hello list,
>
> As you might or might not know, GSoC is over, just like my student's  
> project.
> Nicola has worked on a framework to elevate privileges in a secure,  
> user
> friendly way in KDE applications, OS and backend agnostic (it uses  
> policykit
> on linux, to be clear).
>
> Nicola, as part of his project, already ported kcmodule and  
> systemsettings to
> support this new framework, and ported the date/time kcmodule to it.  
> You can
> see everything waiting to be merged in branches/work/{kdelibs- 
> kauth,kdebase-
> kauth}.
>
> Now, we should be all happy to have working kcmodules as root again,  
> and this
> time with a secure and elegant solution, but it doesn't stop here.  
> My plan is
> now to make other pillars of KDE use this framework. In this mail,  
> I'm talking
> about KIO and GHNS.
>
> By now, when KIO, trying to read or write on a file, finds out that  
> it has no
> permission to do so, it simply quits the job. I would like to  
> integrate KAuth
> into KIO. In this case, when trying to read a file on which the user  
> has no
> read permission, it would check if the user is authorized to do so,  
> eventually
> ask for password, and eventually perform the job.
>
> Once done that, I would like to offer the possibility to GHNS to  
> perform
> "single-user" installations, or "system-wide" installations using  
> KAuth. This
> would also allow a full port of the KDM module to the new KAuth  
> system,
> something I would really like to have done by 4.4.
>
> So, by now I wanted to know if there are any strong objections or  
> advices on
> this. But most of all, I would like to hear from KIO/GHNS  
> maintainers, and
> eventually having some pointers on the amount of work required, if  
> somebody is
> willing to help, and whatever.
>
> Small P.S.: Remember that this framework is completely flexible,  
> hence users
> might also be not authorized at all to perform these kind of  
> actions, making
> KIO act just like it does now. Everything about security and per- 
> user or per-
> group policies are already being taken care of by KAuth (and of  
> course by the
> system administrator).
>

I will help, of course :D





More information about the kde-core-devel mailing list