Looking for co-mentors for a GSoC Dolphin/KIO project

Aleix Pol aleixpol at kde.org
Sun Jan 8 19:14:19 GMT 2017 

On Sun, Jan 8, 2017 at 7:48 PM, Elvis Angelaccio
<elvis.angelaccio at kde.org> wrote:
> Hi David and everyone,
> GSoC 2017 is near and it's time to discuss project ideas.
> This year I want to tackle one of the biggest problems in Dolphin:
> lack of polkit support. Dolphin users often don't know how to use the
> command line, so when they have to move root-owned files around they
> are forced to start Dolphin with root permissions, which is bad and
> dangerous.
>
> GSoC is a great opportunity and I'm confident we can find an awesome
> student who will fix this. :)
>
> I started a draft of the project idea in [1] and I'm looking for
> co-mentors and feedback.
> In particular @David:
> 1) Am I right to claim that KAuth support needs to go only in the file
> protocol? i.e. basically refactor into KAuth actions the parts of
> file.cpp and file_unix.cpp where the actual interaction with the
> filesystem happens.
> 2) Is this even possible from a techical point of view? Or maybe KAuth
> and ioslaves don't play well together?
>
> You should be able to edit the shared document, I hope. Please let me
> know if that's not the case.
>
> Cheers,
> Elvis
>
> [1]: https://share.kde.org/index.php/s/bRBrrkOkuSCbkhT

Hi Elvis,
This is a good idea and I see tha it can be useful. I see some
problems though, that could lead the wrong people to the task.

How do we want to implement this? Do we want to be able to run
kioslaves as root? Or do we want to Implement kauth/policykit support
in the file kioslave?
In either case, no modifications in Dolphin should be required. I'm
leaning towards the latter, though.

I think it could be interesting to think about the security
implications it would have to have a file kio that can escalate to
root, note that this will extend to all applications that use KIO, not
just dolphin.

Also if this is not done properly, we could end up with the whole kio
file duplicated into a kauth helper. I'd say it's worth investigating
how the student will implement this. It's well-known by now that it's
not the best idea to have the students design the approach they'll
take.

HTH,
Aleix

More information about the kfm-devel mailing list