kio-admin in kdereview

Michael Reeves reeves.87 at gmail.com
Fri Oct 14 12:05:46 BST 2022


Much as I don't like running KIO as root. The alternative right now is running Dolphin itself as root. KIO still has no kauth/Polkit support.

Oct 14, 2022 4:34:36 AM Harald Sitter <sitter at kde.org>:

> On Thu, Oct 13, 2022 at 10:32 PM Albert Astals Cid <aacid at kde.org> wrote:
>> 
>> El dijous, 13 d’octubre de 2022, a les 1:03:53 (CEST), Harald Sitter va
>> escriure:
>>> On Thu, Oct 13, 2022 at 12:46 AM Albert Astals Cid <aacid at kde.org> wrote:
>>>> Did I misunderstood the code? It looks like this run all of kio with root
>>>> powers?
>>> 
>>> That is correct
>> 
>> That feels like a reasonably big no no with my security hat.
>> 
>> I'm relatively sure we have not audited all of KIO and it's dependencies to be
>> "running as root"-safe.
> 
> It is scary to be sure, but then the user has to opt into shooting in the foot.
> 
>> What's the use case of this against the kauth support in file_unix.cpp ?
> 
> The latter doesn't exist :(
> 
> HS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 854 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20221014/9e00f5ae/attachment.sig>


More information about the kde-core-devel mailing list