[Konsole-devel] KDE 4 Konsole DBus works -- security objections, privilege escalation possible

Lars Doelle lars.doelle at on-line.de
Tue May 5 19:49:50 UTC 2009


> [2] https://bugs.kde.org/show_bug.cgi?id=169024#c2
> >>> Why are you not using parallel SSH or the "Copy Input To..." feature?
> >> Because it's pretty annoying to start each session by hand too. :o)
> >> I did start the SSH session that way (key management not included
> >> though). My program ought to be more or less a KDE port of [1],
> >> interrupted by KDE 4 and therefore DBus. The advantage over pssh etc.
> >> is, that this way the shell is interactive, I can still type "yes" or
> >> such things interactively and I'm not limited to bash like command
> >> processing as in pssh. But I think that's much off topic here and now.
> >>
> >> [1] http://sshmenu.sourceforge.net/

Hmm, the problem addressed appears to be that session management does not
extend into the bash and from there into the individual programs. Of course it
would be nice to have a vim session being saved with logout and restored on login
again, all with an mc session around it. I sometimes think, I could ask the bash
authors about it...

If one wants to solve the particular use case above with automation, a far more
secure variant is to start a session with a command provided. (As long as DBUS
is confined to the user, naturally, and the DBUS client has user rights already,
which we assume.) 

The konsole can be started with '-e command', but this won't do the merging in
one window. So as an alternative something along the lines of

| int ViewManager::newSession(QString command, QString profile, QString directory)

might do what you want. It prevents privilege escalation since the command would
be started with the rights under which the konsole runs. If you want to provide a
password with the command, do so, or use ssh-copy-id. If automation goes beyond
the start, the ssh could start a remote script ending in a shell session.

As a non-automation alternative, how about making an ssh profile, copying it several
times, replacing the IPs? Start a konsole and open the sessions you want. They
will be under session management, i.e. restarted after logout/login.

Or do I understand your use case wrong?

If you want to "extend" the bash somehow ("I'm not limited to bash like command
processing as in pssh"), I believe it is safer to do this from within the individual session.
If you have such a case, I'm interested to learn about it.

