[kio] src/ioslaves/file/kauth: Do not cache root password for the whole session
Luca Beltrame
lbeltrame at kde.org
Fri Jan 12 13:15:16 UTC 2018
In data venerdì 12 gennaio 2018 14:00:17 CET, hai scritto:
(putting kde-frameworks-devel in CC, this is important)
> shown depending on the persistence value. Totally removing the persistence
> will lead to two prompts, one from job and another one from kauth.
I'm not doing so unless the underlying issue with Persistence=session, which
caches the root password for the whole session, is fixed.
It was pointed out in D6198 that there's no such thing as persistence in
polkit, however as David mentioned, we don't want the authorization to last
the whole session.
Double prompts are bad UX, but better than a program potentially making abuse
of a persistent file action as root.
--
Luca Beltrame - KDE Forums team
KDE Science supporter
GPG key ID: A29D259B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180112/d11080d7/attachment.sig>
More information about the Kde-frameworks-devel
mailing list