D10641: Revoke temporary authorization of KIO slave before sending it to klauncher

Chinmoy Ranjan Pradhan noreply at phabricator.kde.org
Sun Feb 18 16:48:28 UTC 2018


chinmoyr created this revision.
chinmoyr added a reviewer: dfaure.
Restricted Application added a project: Frameworks.
Restricted Application added a subscriber: Frameworks.
chinmoyr requested review of this revision.

REVISION SUMMARY
  An idle slave authorized for privilege operation can be easily misused.
  This patch changes SlaveBase to revoke temporary authorization(s) of the slave before
  sending it to klauncher.
  
  Depends on D10568 <https://phabricator.kde.org/D10568> and D10638 <https://phabricator.kde.org/D10638>

TEST PLAN
  1.An over-simplified version of how the slave is sent to klauncher:
  2.SlaveBase calls `connectSlave(d->poolSocket)`
  3.This in turn emits `newConnection`
  4.In klauncher this signal connects to `acceptSlave` which creates a new IdleSlave.
  5.Then `mConnectionServer` gets the connection backend of the Slave and sets it as the connection backed in IdleSlave.
  6.IdleSlave then sends CMD_SLAVE_STATUS command and gets Slave's details. (pid, protocol etc)
  7.kaluncher then stores this IdleSlave.

REPOSITORY
  R241 KIO

BRANCH
  master

REVISION DETAIL
  https://phabricator.kde.org/D10641

AFFECTED FILES
  src/core/CMakeLists.txt
  src/core/slavebase.cpp
  src/core/slavebase.h

To: chinmoyr, dfaure
Cc: fvogt, #frameworks, michaelh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180218/6775e818/attachment-0001.html>


More information about the Kde-frameworks-devel mailing list