[Konsole-devel] KDE 4 Konsole DBus works -- security objections, privilege escalation possible

Lars Doelle lars.doelle at on-line.de
Tue May 5 14:52:15 UTC 2009


Robert,

> However it is not possible for a program launched remotely or locally
> but not with the user's account to do this.  That is, if you run a
> potentially malicious program as another user to 'sandbox' it in, it
> won't be able to use this feature to run commands with your account
> privileges.

As I wrote in another mail, it is clear that the user account is far less good a
sandbox than it was earlier. In particular, the same hole exists in X itself, potentially
affecting all X-clients which bridge into another domain of rights.

Nevertheless, that a program cannot escape the boundaries of a user account
is a usual and valid assumption. To lay yet another escape path is not a good
idea, imo.

To leave the general consideration, what are the intended uses of the feature?
When the feature was removed earlier, it was limited to sending a 'cd Dir' (where
Dir is a proper path name) to allow konqueror to control an embedded konsole,
which clearly is much harder to abuse.

-lars
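
The restricted 'cd Dir' interface mentioned in the last paragraph, as an added example that is not part of the original mail and not Konsole's code: the caller supplies only a directory, and the terminal side builds the one line it will type. The names `build_cd_line` and `RejectedPath` are hypothetical, and a POSIX shell and POSIX paths are assumed.

```python
import os
import shlex


class RejectedPath(ValueError):
    """Raised when a requested directory is not safe to type into a shell."""


def build_cd_line(directory: str) -> str:
    """Return the single line a terminal may type for a 'cd Dir' request.

    Hypothetical helper: the request carries a directory, never command text,
    so the only command that can ever be produced is 'cd'.
    """
    if not directory or not os.path.isabs(directory):
        raise RejectedPath("directory must be an absolute path")
    # Control characters (newline, carriage return, ESC, ...) would be taken
    # by the shell or terminal as input of their own, so refuse them outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in directory):
        raise RejectedPath("control character in path")
    normalized = os.path.normpath(directory)
    # shlex.quote turns the path into one literal word for a POSIX shell;
    # '--' keeps a directory that looks like an option from being parsed as one.
    return "cd -- " + shlex.quote(normalized) + "\n"


if __name__ == "__main__":
    # Constructed sample requests, not taken from the thread.
    for request in ["/home/user/src", "/home/user/my docs", "/tmp/a;b",
                    "relative/dir", "/tmp/x\nls"]:
        try:
            print(repr(build_cd_line(request)))
        except RejectedPath as err:
            print("rejected %r: %s" % (request, err))
```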


