D9966: [KIO] Fix issues with sharing of file descriptor
Fabian Vogt
noreply at phabricator.kde.org
Thu Jan 18 21:10:30 UTC 2018
fvogt added a comment.
Thanks for the quick reaction!
> 1. Fixes buffer overflow due to strcpy.
Looks good, but I would prefer an exception or abort instead of silent truncation.
Also note that this makes it possible to delete an arbitrary file on non-linux platforms if `path` is attacker-controlled, which needs to be fixed.
> (BTW, SocketAddress::length should return the actual length of the buffer, currently it adds ~100 '\0' bytes to the end)
This is not fixed; is that intentional?
> 2. Adds checks for socket credentials. Now a file descriptor will be received only if it was sent by a root owned process.
Looks sensible, but it doesn't fix the other direction, which is:
1. User asks the kauth helper to open a file as root
2. The kauth helper receives the socket address
3. file.so dies (reason does not matter)
4. Any process can now create a socket with the address the kauth helper connects to and receive the fd
IMO the correct fix (which only applies to linux, according to the manpage) is to use a pathname socket in `$XDG_RUNTIME_DIR` (or alternatively, somewhere returned by `mkdtemp`).
REPOSITORY
R241 KIO
REVISION DETAIL
https://phabricator.kde.org/D9966
To: chinmoyr, #frameworks, thiago
Cc: ngraham, fvogt, lbeltrame, dfaure
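An added example, not code from the KIO patch or from anyone in this thread, sketching the two remedies raised above in C: a sockaddr_un helper that refuses an over-long path rather than truncating it and reports the exact address length, and a mkdtemp-created 0700 directory under `$XDG_RUNTIME_DIR` to hold a pathname socket. The names `socket_address_init`, `private_socket_dir`, the `kio-fd-XXXXXX` template and the `/tmp` fallback are assumptions of this example.

```c
#define _DEFAULT_SOURCE 1
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

#define SUN_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path)

/* Hypothetical helper, not KIO's SocketAddress: fill a sockaddr_un for a
 * pathname socket. An over-long path is rejected instead of truncated
 * (a truncated path would silently bind or connect somewhere else).
 * *len gets the exact address length, not sizeof(struct sockaddr_un)
 * with its ~100 bytes of NUL padding. */
int socket_address_init(struct sockaddr_un *sa, socklen_t *len, const char *path)
{
    size_t n = strlen(path);
    if (n == 0 || n >= SUN_PATH_MAX) {      /* keep room for the NUL */
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path, path, n + 1);
    *len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
    return 0;
}

/* Create a private directory for the helper's socket under $XDG_RUNTIME_DIR
 * (the /tmp fallback is an assumption of this example). mkdtemp() creates it
 * mode 0700, so only the owning user can bind() or connect() to a socket
 * inside it; another process cannot take the address over after the client
 * dies, as it could with an abstract-namespace address. Caller frees. */
char *private_socket_dir(void)
{
    const char *base = getenv("XDG_RUNTIME_DIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    char *dir = malloc(SUN_PATH_MAX);
    if (dir == NULL) return NULL;
    int n = snprintf(dir, SUN_PATH_MAX, "%s/kio-fd-XXXXXX", base);
    if (n < 0 || (size_t)n >= SUN_PATH_MAX || mkdtemp(dir) == NULL) {
        free(dir);
        return NULL;
    }
    return dir;
}
```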