D12291: Accept file descriptor only from root owned process
Chinmoy Ranjan Pradhan
noreply at phabricator.kde.org
Mon May 28 06:13:34 UTC 2018
chinmoyr added inline comments.
INLINE COMMENTS
> ossi wrote in fdreceiver.cpp:89
> i don't see why that would be horrible; as i pointed out multiple times already, this change is redundant. one correction, though: add a code comment here rather than extending the commit message.
>
> getsockopt() is standard, but the actual options aren't. you could change the ifdef to SO_PEERCRED itself, but that wouldn't actually add any portability.
> i don't see why that would be horrible
I meant adding "acceptConnection = true;" after #warning would look weird. Obviously that's not even an issue and I shouldn't have mentioned it.
There is a discussion[1] going on related to a similar change in ktexteditor. Because ktexteditor also uses polkit to save files in a read-only location, one of the suggestions to improve this process, in case the owner of the target is not root, was to either ignore the operation or drop privileges to the owner/group of the directory. Now in KIO the kauth helper performs every operation as root. So if in the future it is decided to do a privilege drop before performing any file operation on non-root targets, then this change will likely be a hindrance. After considering the fact that this is also redundant, I am now not really feeling confident about this change. Just out of curiosity, I want to know (although I feel weird for asking this) what was your reason for accepting this patch?
[1]: https://bugzilla.suse.com/show_bug.cgi?id=1033055#c13
REPOSITORY
R241 KIO
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D12291
To: chinmoyr, #frameworks, dfaure, ossi
Cc: kde-frameworks-devel, ossi, michaelh, ngraham, bruns