[Konsole-devel] KDE 4 Konsole DBus works -- security objections, privilege escalation possible

Lars Doelle lars.doelle at on-line.de
Tue May 5 17:16:33 UTC 2009


> From the other mail:
> > To leave the general consideration, what are the intended uses of the feature?

> > When the feature was removed earlier, it was limited to send a 'cd Dir' (where
> > Dir is a proper path name) to allow konqueror to control an embedded konsole,
> > which clearly is much harder to abuse.
> which is pretty useless though. A "cd DIR" is a pretty particular
> demand, which may be done much nicer by giving konsole session a
> specified working directory, e.g. in a profile or by giving "--workdir".
> It still is a bad idea to whitelist just particular, what about a "cd
> foo; rm -rf " for example or any given shell meta character?

Which is what I meant when I wrote '(where Dir is a proper path name)'.

> I think Robert will happily accept this patch, but I'd be very unhappy
> when removing that method.

My question was why you'd be unhappy, i.e. what your use cases are.
This is an honest question, since I find it hard to imagine some. In my
experience, the practical goals of this feature in a use case could
always better be realized by other means. But if there are no use
cases, really, it leaves only the hole.

> Of course this patch is just a solution for that konsole problem, not resolving the
> (ab)use case for an attacker by doing almost the very same on the underlying
> X architecture.

A security hole in application A is the responsibility of the developers of
application A and not a charter for application B. Thus a digest would go
on X11, then, and not on the konsole.
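
Added example, not part of the original message and not Konsole code: one way to restrict a 'cd Dir' request to a proper path name before it is written to a shell session, next to the unquoted form the thread objects to. The function names, the absolute-path rule and the POSIX-style shell in the session are assumptions made for the illustration.

```python
import shlex


def naive_cd_command(directory: str) -> str:
    """Unsafe form: the caller's text reaches the shell unquoted."""
    return "cd " + directory + "\n"


def build_cd_command(directory: str) -> str:
    """Return a line that can only change directory, or raise ValueError.

    Hypothetical helper; the absolute-path rule is an assumption about what
    'a proper path name' should mean.
    """
    if not directory:
        raise ValueError("empty path")
    # Newline, ESC, NUL and other control bytes act on the terminal or end the
    # command line before any shell quoting is considered, so reject them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in directory):
        raise ValueError("control character in path")
    if not directory.startswith("/"):
        raise ValueError("path must be absolute")
    # "--" ends option parsing; shlex.quote turns the path into one shell word.
    return "cd -- " + shlex.quote(directory) + "\n"


if __name__ == "__main__":
    # Constructed inputs; the second is modelled on the example in the thread.
    for path in ["/home/user/src", "/tmp/foo; rm -rf ", "/tmp/it's", "/tmp/a\nb"]:
        print("naive:", repr(naive_cd_command(path)))
        try:
            print("safe: ", repr(build_cd_command(path)))
        except ValueError as err:
            print("rejected:", err)
```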


