D14467: Auth Support: Drop privileges if target is not owned by root
Malte Kraus
noreply at phabricator.kde.org
Fri Jun 21 14:54:17 BST 2019
maltek added inline comments.
INLINE COMMENTS
> chinmoyr wrote in filehelper.cpp:133
> Ah! Since I was testing inside /opt I didn't notice. I think the order here should be: drop privilege -> change grp -> gain privilege -> change user.
IMO, it's fine (and less complicated) to just do both in one single privileged `fchmod` call.
> chinmoyr wrote in filehelper.cpp:150
> Do you think it'll be a bad idea to skip the case for symlinks in utime, chmod, chown, for now? Right now there's no code in KIO that requires these operations to be performed on the link itself.
Fine by me - I'm only really here to look for security problems, not to decide on which features are required for this to land.
REPOSITORY
R241 KIO
REVISION DETAIL
https://phabricator.kde.org/D14467
To: chinmoyr, dfaure, ngraham, elvisangelaccio, #frameworks, #dolphin, maltek
Cc: maltek, mreeves, mgerstner, fvogt, kde-frameworks-devel, LeGast00n, michaelh, ngraham, bruns