[kio] src/ioslaves/file/kauth: Do not cache root password for the whole session
Elvis Angelaccio
elvis.angelaccio at kde.org
Sun Jan 14 10:23:59 UTC 2018
On venerdì 12 gennaio 2018 19:40:50 CET, David Edmundson wrote:
> Can we keep all messages on the ML. We can only see half a
> conversation on here.
>
>> TBH I can't see how any application will bypass the prompt
>
> A rogue plugin can call org.kde.kio.file.exec directly with
> kauth. Or even just use DBus directly.
Right, even though if you have plugins that execute random code is already
game over.
I'm sure we can find another solution for this problem, rather than
removing the Persistence attribute altogether (which kills the usability of
the feature).
Cheers,
Elvis
More information about the Kde-frameworks-devel
mailing list