D12513: CVE-2018-10361: privilege escalation

Albert Astals Cid noreply at phabricator.kde.org
Tue May 1 23:05:47 UTC 2018


aacid added a comment.


  Next time please use arc to upload patches, so that instead of those ugly "Context not available." we get nice links to see more code :)
  
  @mgerstner I don't really understand why we need the chdir, renameat, etc.
  
  Dropping privileges to the minimum needed should be enough, shouldn't it?
  
  I mean at that point the only thing that can happen is that some user breaks files he can write to anyway, so why should we take extra precautions from that point on?

REPOSITORY
  R39 KTextEditor

REVISION DETAIL
  https://phabricator.kde.org/D12513

To: cullmann, dfaure
Cc: mgerstner, aacid, ngraham, fvogt, cullmann, #frameworks, michaelh, kevinapavew, bruns, demsking, sars, dhaumann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180501/a4aea342/attachment.html>


More information about the Kde-frameworks-devel mailing list