D10141: Restore Persistence=session for the file ioslave kauth helper
Fabian Vogt
noreply at phabricator.kde.org
Fri Feb 9 22:27:20 UTC 2018
fvogt added a comment.
In https://phabricator.kde.org/D10141#203726, @aacid wrote:
> In https://phabricator.kde.org/D10141#203664, @fvogt wrote:
>
> > In https://phabricator.kde.org/D10141#203545, @chinmoyr wrote:
> >
> > > In https://phabricator.kde.org/D10141#197039, @fvogt wrote:
> > >
> > > > There is one issue I have with this. While this is close to the `sudo`-mode of temporary authorization grants, it doesn't work that way as the whole session has full access via file.so.
> > >
> > >
> > > How exactly? Is there any way for an application to choose a slave process instead of being assigned one at random?
> >
> >
> > There isn't. Which makes any mitigation attempt impossible.
>
>
> There actually kind of is, kio has this "special" mode called KDE_FORK_SLAVES in which slaves are directly forked by the app instead of by klauncher. I'm not sure how much that would help here. Maybe @dfaure can shed some light?
The issue is that file.so decides whether to use the helper or not, so this doesn't actually help.
REPOSITORY
R241 KIO
REVISION DETAIL
https://phabricator.kde.org/D10141
To: elvisangelaccio, lbeltrame, dfaure, davidedmundson, fvogt, chinmoyr
Cc: aacid, #frameworks, michaelh, ngraham
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180209/671f56ff/attachment.html>
More information about the Kde-frameworks-devel
mailing list