kio-admin in kdereview

Harald Sitter sitter at kde.org
Fri Oct 14 09:34:04 BST 2022


On Thu, Oct 13, 2022 at 10:32 PM Albert Astals Cid <aacid at kde.org> wrote:
>
> El dijous, 13 d’octubre de 2022, a les 1:03:53 (CEST), Harald Sitter va
> escriure:
> > On Thu, Oct 13, 2022 at 12:46 AM Albert Astals Cid <aacid at kde.org> wrote:
> > > Did I misunderstood the code? It looks like this run all of kio with root
> > > powers?
> >
> > That is correct
>
> That feels like a reasonably big no no with my security hat.
>
> I'm relatively sure we have not audited all of KIO and it's dependencies to be
> "running as root"-safe.

It is scary to be sure, but then the user has to opt into shooting in the foot.

> What's the use case of this against the kauth support in file_unix.cpp ?

The latter doesn't exist :(

HS


More information about the kde-core-devel mailing list