D10437: Limit the use of file.so for privilege operation to one application
Chinmoy Ranjan Pradhan
noreply at phabricator.kde.org
Sun Feb 11 08:51:29 UTC 2018
chinmoyr created this revision.
chinmoyr added reviewers: Frameworks, dfaure, fvogt.
Restricted Application added a project: Frameworks.
chinmoyr requested review of this revision.
REVISION SUMMARY
After successful authorization for privilege execution the whole session gets full root-level access via file.so.
This patch changes file ioslave to not perform a privilege operation if the application which is requesting the
operation is different from the one that initially requested the operation. However, an exception is made if
the request came after the expiration of temporary authorization.
REPOSITORY
R241 KIO
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D10437
AFFECTED FILES
src/core/simplejob.cpp
src/core/slavebase.cpp
src/core/slavebase.h
src/ioslaves/file/file_unix.cpp
To: chinmoyr, #frameworks, dfaure, fvogt
Cc: michaelh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180211/666cde54/attachment.html>
More information about the Kde-frameworks-devel
mailing list