kio-admin in kdereview
Michael Reeves
reeves.87 at gmail.com
Fri Oct 14 12:05:46 BST 2022
Much as I don't like running KIO as root. The alternative right now is running Dolphin itself as root. KIO still has no kauth/Polkit support.
Oct 14, 2022 4:34:36 AM Harald Sitter <sitter at kde.org>:
> On Thu, Oct 13, 2022 at 10:32 PM Albert Astals Cid <aacid at kde.org> wrote:
>>
>> El dijous, 13 d’octubre de 2022, a les 1:03:53 (CEST), Harald Sitter va
>> escriure:
>>> On Thu, Oct 13, 2022 at 12:46 AM Albert Astals Cid <aacid at kde.org> wrote:
>>>> Did I misunderstood the code? It looks like this run all of kio with root
>>>> powers?
>>>
>>> That is correct
>>
>> That feels like a reasonably big no no with my security hat.
>>
>> I'm relatively sure we have not audited all of KIO and it's dependencies to be
>> "running as root"-safe.
>
> It is scary to be sure, but then the user has to opt into shooting in the foot.
>
>> What's the use case of this against the kauth support in file_unix.cpp ?
>
> The latter doesn't exist :(
>
> HS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 854 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20221014/9e00f5ae/attachment.sig>
More information about the kde-core-devel
mailing list