D12795: Re-allow running Dolphin as the root user (but still not using sudo)

Martin Flöser noreply at phabricator.kde.org
Sun May 20 20:38:00 BST 2018


graesslin added a comment.


  In D12795#265626 <https://phabricator.kde.org/D12795#265626>, @ngraham wrote:
  
  > In D12795#265619 <https://phabricator.kde.org/D12795#265619>, @graesslin wrote:
  >
  > > Unfortunately drive-by downloads are a common thing for browsers. It does not have much to do with security fixes in browsers. It's more of a common thing.
  >
  >
  > On the contrary, drive-by-downloads are a major concern for browser vendors to fix. If someone reports one to them, they're //very// motivated to fix it. Was the exploit that you used ever reported?
  
  
  I never used an exploit. What I would use is Chrome's download behavior. That is not fixed, it's still the default.
  
  > In D12795#265619 <https://phabricator.kde.org/D12795#265619>, @graesslin wrote:
  >
  > > Now to get this into a running binary all you need is to exploit any vulnerability in a file parser running automatically (in our case that would be baloo). Doing that: trivial. Once you have some code running everything is simple. The complete session is unprotected. You get into autostart, etc. etc.
  >
  > OK, so let's harden Baloo! An excellent plan.
  
  baloo is just one example. Every program on the user's system can be abused for it. You can also hope that the user just clicks it. Download a video which uses a vulnerability in vlc, download a zip file which uses a vulnerability in gzip. There are just so many ways. All you need is a simple bug in an application.
  
  As long as browsers are not in a sandbox and not run as a different user, allowing them to save files directly to the hard disk, we need to see them as a threat to the user. Yes, browser vendors care about drive-by downloads. Nevertheless they are currently state of the art and that won't change. We need to accept that this is currently the threat level we have to protect against. Hardening kate was one of the ideas I had to protect here. Help to ensure that applications cannot gain root after they got installed.
  
  > This is exactly what Linus Torvalds is talking about in https://lkml.org/lkml/2017/11/21/356. Simply blocking the access is the easy, lazy way out that doesn't actually provide much real security (if we push our users to instead use other file managers as root or sudo, we haven't really gained any security). The //real// way to secure things is to attack things closer to the source: harden the browsers, sandbox `baloo_file_extractor`, etc. Since you care so much about our security, would you like to help out with those?
  
  I'd rather stay on KWin :-) I help on security there by pushing Wayland and getting rid of that huge insecure X11 nightmare. I help where I can. The ideas of sandboxing baloo_file_extractor are after all based on my sandboxing for kscreenlocker.

REPOSITORY
  R318 Dolphin

REVISION DETAIL
  https://phabricator.kde.org/D12795

To: ngraham, markg, elvisangelaccio, #dolphin
Cc: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, spoorun, navarromorales, isidorov, firef, andrebarros