Current security issues with KAuth support in KIO
Luca Beltrame
lbeltrame at kde.org
Sun Jan 14 11:02:41 UTC 2018
Il giorno Sun, 14 Jan 2018 11:12:15 +0100
Elvis Angelaccio <elvis.angelaccio at kde.org> ha scritto:
> No, it's not. Despite the name, 'Persistence=session' just means the
> privilege is kept for a few minutes.
As discussed on IRC, this is an "issue" due to the fact that KIO can do
much more than other KAuth-enabled programs. I'm fully aware that
removing it is not an option in the long run as it kills usability.
> Why 029da62886e0 was committed without code review?
That was me, sorry. I thought it was better to bring this to attention
rather than let it lie until the next Frameworks release.
> Is someone already working on fixes for the above issues?
At the moment, I think not (this stuff was found out properly
yesterday).
More information about the Kde-frameworks-devel
mailing list