D14467: Auth Support: Drop privileges if target is not owned by root

Malte Kraus noreply at phabricator.kde.org
Fri Jun 21 14:54:17 BST 2019


maltek added inline comments.

INLINE COMMENTS

> chinmoyr wrote in filehelper.cpp:133
> Ah! Since I was testing inside /opt I didn't notice. I think the order here should be: drop privilege -> change grp -> gain privilege -> change user.

IMO, it's fine (and less complicated) to just do both in one single privileged `fchmod` call.

> chinmoyr wrote in filehelper.cpp:150
> Do you think it'll be a bad idea to skip the case for symlinks in utime, chmod, chown, for now? Right now there's no code in KIO that requires these operations to be performed on the link itself.

Fine by me - I'm only really here to look for security problems, not to decide on which features are required for this to land.

REPOSITORY
  R241 KIO

REVISION DETAIL
  https://phabricator.kde.org/D14467

To: chinmoyr, dfaure, ngraham, elvisangelaccio, #frameworks, #dolphin, maltek
Cc: maltek, mreeves, mgerstner, fvogt, kde-frameworks-devel, LeGast00n, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20190621/9dec5eb9/attachment.htm>


More information about the kfm-devel mailing list