D12795: Re-allow running Dolphin as the root user (but still not using sudo)
Martin Flöser
noreply at phabricator.kde.org
Sun May 20 20:17:54 BST 2018
graesslin added a comment.
In D12795#265617 <https://phabricator.kde.org/D12795#265617>, @ngraham wrote:
> In D12795#265616 <https://phabricator.kde.org/D12795#265616>, @graesslin wrote:
>
> > > You would also have to run a malicious application which is quite unlikely if you stick to vendor packages (but sure, there probably is a very small chance that a malicious package lands in the dist repository).
> >
> > nope, sorry. The exploit I wrote would work through a drive-by download through an Internet browser. The world we live in sucks :-(
>
>
> Has the security hole in the web browser that allowed the exploit been fixed?
Unfortunately drive-by downloads are a common thing for browsers. It does not have much to do with security fixes in browsers. It's more of a common thing. In the case of Linux the easiest way to get a program running is having the user run Chromium. Chromium has the unfortunate default that downloads triggered by the website are automatically downloaded and stored into ~/Downloads. Thus we have a default drive-by download problem. Now to get this into a running binary all you need is to exploit any vulnerability in a file parser running automatically (in our case that would be baloo). Doing that: trivial. Once you have some code running everything is simple. The complete session is unprotected. You get into autostart, etc. etc.
If you are really lucky the browser allows saving to locations other than Downloads. Then you can just drive-by download a binary, put it into autostart and wait for the session restart.
Getting into a Linux session is damn easy - unfortunately.
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12795
To: ngraham, markg, elvisangelaccio, #dolphin
Cc: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, spoorun, navarromorales, isidorov, firef, andrebarros
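A defender-side check for the autostart persistence step mentioned in the message above, as an added example that is not part of the original e-mail or of any KDE code: it lists XDG autostart entries whose `Exec` target resolves into a directory such as `~/Downloads`. The function names and the sample files are constructed for illustration; on a real system the directory to audit is assumed to be `~/.config/autostart`.

```python
import configparser
import shlex
import shutil
import tempfile
from pathlib import Path

def exec_target(desktop_file):
    """Return the resolved executable of an XDG autostart entry, or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # .desktop keys are case-sensitive
    try:
        cp.read(desktop_file, encoding="utf-8")
        argv = shlex.split(cp.get("Desktop Entry", "Exec"))
    except (configparser.Error, ValueError):
        return None
    if not argv:
        return None
    # Bare command names are looked up on PATH; paths are taken as written.
    cmd = argv[0] if "/" in argv[0] else shutil.which(argv[0])
    return Path(cmd).expanduser().resolve() if cmd else None

def audit_autostart(autostart_dir, risky_dirs):
    """List (entry name, executable) pairs whose executable sits in a risky directory."""
    risky = [Path(d).expanduser().resolve() for d in risky_dirs]
    findings = []
    for entry in sorted(Path(autostart_dir).glob("*.desktop")):
        target = exec_target(entry)
        if target and any(r in target.parents for r in risky):
            findings.append((entry.name, str(target)))
    return findings

def demo():
    """Constructed sample: one ordinary entry, one pointing into a downloads folder."""
    root = Path(tempfile.mkdtemp()).resolve()
    autostart, downloads = root / "autostart", root / "Downloads"
    autostart.mkdir()
    downloads.mkdir()
    (autostart / "editor.desktop").write_text(
        "[Desktop Entry]\nType=Application\nName=Editor\nExec=/usr/bin/editor %U\n")
    (autostart / "updater.desktop").write_text(
        "[Desktop Entry]\nType=Application\nName[de]=Updater\n"
        f'Exec="{downloads}/updater.bin" --quiet\n')
    return audit_autostart(autostart, [downloads]), downloads

if __name__ == "__main__":
    print(demo()[0])
```

Because the target is resolved before comparison, an `Exec` line that goes through a symlink into the watched directory is reported as well.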