D12732: Implement a more user-friendly run-as-root-or-sudo behavior

Mark Gaiser noreply at phabricator.kde.org
Tue May 8 23:43:39 BST 2018


markg added a comment.


  In D12732#259773 <https://phabricator.kde.org/D12732#259773>, @nicolasfella wrote:
  
  > AFAIU the exploit works like this:
  >
  > A user has a normal, non-root session running which is infected with a malicious program. The program now waits until the user is running 'sudo dolphin' and now can use the exploit to gain elevated privileges.
  >
  > If the user is running as root anyway there is no additional harm, because most likely the malicious program will have root privileges anyway.
  
  
  Which is not that often for Dolphin, but is much more likely for Konsole.
  How to guard that, a terminal emulator by nature!
  I don't think you can... (don't bring up Wayland.. we're still in an X11 era whether you want it or not).

REPOSITORY
  R318 Dolphin

REVISION DETAIL
  https://phabricator.kde.org/D12732

To: ngraham, #dolphin, graesslin
Cc: emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg


More information about the kfm-devel mailing list