D10437: Limit the use of file.so for privilege operation to one application

Chinmoy Ranjan Pradhan noreply at phabricator.kde.org
Sun Feb 11 08:51:29 UTC 2018


chinmoyr created this revision.
chinmoyr added reviewers: Frameworks, dfaure, fvogt.
Restricted Application added a project: Frameworks.
chinmoyr requested review of this revision.

REVISION SUMMARY
  After successful authorization for privilege execution the whole session gets full root-level access via file.so.
  This patch changes file ioslave to not perform a privilege operation if the application which is requesting the
  operation is different from the one that initially requested the operation. However, an exception is made if
  the request came after the expiration of temporary authorization.

REPOSITORY
  R241 KIO

BRANCH
  master

REVISION DETAIL
  https://phabricator.kde.org/D10437

AFFECTED FILES
  src/core/simplejob.cpp
  src/core/slavebase.cpp
  src/core/slavebase.h
  src/ioslaves/file/file_unix.cpp

To: chinmoyr, #frameworks, dfaure, fvogt
Cc: michaelh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180211/666cde54/attachment.html>


More information about the Kde-frameworks-devel mailing list