D5394: KAuth integration in document saving - vol. 2
Fabian Vogt
noreply at phabricator.kde.org
Sat Apr 15 20:22:55 UTC 2017
fvogt added a comment.
It is currently not possible to avoid a race condition as QSaveFile is broken and use of it is currently insecure as the file is created world-readable.
It can be avoided by placing the file in a drwx------ directory, but that's more work than just using QTemporaryFile directly.
However, as far as I can tell it is impossible to make this secure with a simple rename() of a user-created file as the file descriptor will stay valid after renaming (!) so if you edit /etc/sudoers for example, any application can just open(, O_RDWR) the temporary file and write to it after the rename without any issues.
I'd suggest one of two ways:
1. Checksum contents
2. Write contents into temporary file with rw-------
3. Start the privileged action:
   3.1. Read temporary file into memory
   3.2. Verify content with checksum
   3.3. Create new temporary file somewhere with rw------- and write content into it
   3.4. Change owner
   3.5. Change permissions
   3.6. Rename
4. Remove temporary file

1. Start the privileged action, send file content directly
   2.1. Create new temporary file somewhere with rw------- and write content into it
   2.2. Change owner
   2.3. Change permissions
   2.4. Rename
REPOSITORY
R39 KTextEditor
REVISION DETAIL
https://phabricator.kde.org/D5394
To: martinkostolny, #ktexteditor, fvogt
Cc: elvisangelaccio, aacid, ivan, lbeltrame, fvogt, apol, anthonyfieroni, cullmann, ltoscano, dhaumann, graesslin, davidedmundson, palant, kwrite-devel, dfaure, #frameworks, head7, kfunk, sars
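Added example, not code from the review or from KTextEditor: the first suggested flow on POSIX in Python, with the unprivileged side (steps 1, 2 and 4) and the privileged helper (steps 3.1 to 3.6) written as two functions that here run in one process, and a scratch directory standing in for the real target. Function names and the sample content are assumptions; the point it makes concrete is that the helper copies the staged bytes into a fresh 0600 file it owns instead of renaming the caller's file, so a descriptor kept open on the staged file cannot alter what lands at the target.

```python
import hashlib
import os
import tempfile

def stage_content(data, directory=None):
    """Steps 1-2 (unprivileged): mkstemp creates the file O_EXCL with mode 0600,
    so only the caller can read it; return its path and the SHA-256 to verify."""
    fd, path = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path, hashlib.sha256(data).hexdigest()

def privileged_install(staged, expected_sha256, target, uid=-1, gid=-1, mode=0o644):
    """Steps 3.1-3.6 (privileged helper). The caller's file is never renamed into
    place, since a descriptor on it survives rename; its content is copied instead."""
    with open(staged, "rb") as f:
        content = f.read()                                     # 3.1
    if hashlib.sha256(content).hexdigest() != expected_sha256:  # 3.2
        raise ValueError("staged content does not match checksum")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(target)))
    try:
        with os.fdopen(fd, "wb") as f:                         # 3.3, mode 0600
            f.write(content)
            os.fchown(f.fileno(), uid, gid)                    # 3.4, -1 keeps current
            os.fchmod(f.fileno(), mode)                        # 3.5
        os.rename(tmp, target)                                 # 3.6, atomic replace
    except BaseException:
        os.unlink(tmp)
        raise

def demo():
    """Honest save, then a write to the staged file after it was checksummed."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target.conf")
        staged, digest = stage_content(b"# constructed sample config\n", d)
        staged_mode = os.stat(staged).st_mode & 0o777
        privileged_install(staged, digest, target)
        os.unlink(staged)                                      # step 4
        with open(target, "rb") as f:
            installed = f.read()
        staged2, digest2 = stage_content(b"original\n", d)
        with open(staged2, "wb") as f:
            f.write(b"altered\n")            # models a writer that kept the fd open
        try:
            privileged_install(staged2, digest2, target)
            detected = False
        except ValueError:
            detected = True
        return installed, staged_mode, os.stat(target).st_mode & 0o777, detected
```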