https://bugs.kde.org/show_bug.cgi?id=359621

            Bug ID: 359621
           Summary: Unneeded setgid requirement
           Product: kdesu
           Version: unspecified
          Platform: Debian unstable
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: kdesud
          Assignee: kdesu-bugs-n...@kde.org
          Reporter: m...@debian.org

Hi,

The kdesu framework currently requires kdesud to be setgid. The
documentation about this requirement says (client.h):
 The daemon should be installed setgid nogroup, in order to be able to act as
 an inaccessible, trusted 3rd party.

Even the check for the daemon file to be setgid is part of the public API of
the kdesu framework:
class KDESU_EXPORT KDEsuClient
{
public:
 ...
 bool isServerSGID();
...

But, AFAICS, this provides no additional "security". In fact, it would be
better if the check were "make sure the daemon is not setuid", or if it denies
ptrace.

AFAIK, having the setgid in place only serves as a way to change the effective
primary group, which will be used for files created by this process.

Unless there is a real reason for this requirement, please drop it.

Happy hacking,

Reproducible: Always
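
The two alternative checks the report suggests (refuse a setuid daemon binary, deny ptrace), as an added example that is not kdesu code and not part of the original report. It assumes Linux; SpecialBits, classifyMode, auditBinary and denyPtrace are hypothetical names.

```cpp
// Added example, not kdesu code. Linux only (uses prctl).
#include <sys/prctl.h>
#include <sys/stat.h>
#include <cstdio>

struct SpecialBits {
    bool regular = false;  // path exists and is a regular file
    bool setuid = false;
    bool setgid = false;
};

// Decode the special permission bits from a st_mode value.
SpecialBits classifyMode(mode_t mode) {
    SpecialBits b;
    b.regular = S_ISREG(mode);
    b.setuid = (mode & S_ISUID) != 0;
    b.setgid = (mode & S_ISGID) != 0;
    return b;
}

// Inspect a binary on disk; the path is supplied by the caller.
SpecialBits auditBinary(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return SpecialBits{};
    return classifyMode(st.st_mode);
}

// Clear the dumpable flag and read it back. On Linux a non-dumpable
// process cannot be ptrace-attached by a caller lacking CAP_SYS_PTRACE.
bool denyPtrace() {
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return false;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        std::fprintf(stderr, "usage: %s <daemon-binary>\n", argv[0]);
        return 2;
    }
    SpecialBits b = auditBinary(argv[1]);
    if (!b.regular) { std::fprintf(stderr, "not a regular file\n"); return 2; }
    std::printf("setuid=%d setgid=%d\n", b.setuid, b.setgid);
    if (b.setuid) { std::fprintf(stderr, "binary is setuid\n"); return 1; }
    if (!denyPtrace()) { std::perror("prctl"); return 1; }
    std::puts("not setuid; this process is now non-dumpable");
    return 0;
}
```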
