D12513: CVE-2018-10361: privilege escalation

Matthias Gerstner noreply at phabricator.kde.org
Wed May 9 11:51:29 UTC 2018

mgerstner added a comment.
Restricted Application edited subscribers, added: kde-frameworks-devel, kwrite-devel; removed: Frameworks.

  In D12513#258565 <https://phabricator.kde.org/D12513#258565>, @aacid wrote:
  > Honestly i don't understand why i have to care about anything.
  > If we drop privileges, it's just some code running with regular user level
  >  privileges, why are symlinks a problem?
  Well for one, if the target directory is owned by root, then you will be
  dropping privileges to root i.e. you won't drop privileges at all.
  The owners of the directory and the target file may differ. Another case might
  be that target directory and file are owned by root, but one of the upper
  directories is owned by a non-root user. Maybe it is a root-owned directory
  that is only temporary in nature and a race condition is involved i.e. it gets
  deleted before the actual file operations begin.
  It would be uncommon but we never now what the situation might be. The feature
  seems targeted towards users that have no big technical insight. So strange
  situations can be expected. IMO prudence is the better part of valor here.

  R39 KTextEditor


To: cullmann, dfaure
Cc: kwrite-devel, kde-frameworks-devel, mgerstner, aacid, ngraham, fvogt, cullmann, michaelh, kevinapavew, bruns, demsking, sars, dhaumann, #frameworks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kwrite-devel/attachments/20180509/fda27314/attachment.html>

More information about the KWrite-Devel mailing list