[kio] src/ioslaves/file/kauth: Do not cache root password for the whole session
chinmoy ranjan
chinmoyrp65 at gmail.com
Sat Jan 13 06:34:25 UTC 2018
On Sat, Jan 13, 2018 at 12:10 AM, David Edmundson <
david at davidedmundson.co.uk> wrote:
> Can we keep all messages on the ML. We can only see half a conversation on
> here.
>
>
I wasn't subscribed to the ML so some parts of conversation were not there.
> TBH I can't see how any application will bypass the prompt
>
> A rogue plugin can call org.kde.kio.file.exec directly with kauth. Or
> even just use DBus directly.
>
The "privilege execution" feature requires a persistent polkit action for
proper functioning. For example, deleting a folder from /opt containing 100
files will call org.kde.kio.file.exec 100 times and without persistence it
will result in 100 prompts.
Even though the issue you have pointed is valid, with my limited knowledge
of polkit I can't think of any alternative solution. Is there any?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180113/2a70185c/attachment.html>
More information about the Kde-frameworks-devel
mailing list