https://bugs.kde.org/show_bug.cgi?id=398154

--- Comment #1 from Andrius Štikonas <andr...@stikonas.eu> ---
That's temporary in my plan. I want to eventually (before release) remove both
"dd" and "mv"

Simple QFile wouldn't work as it wouldn't have root permissions. It has to be
done by KAuth helper. Right now we have 2 KAuth helpers:
 1) externalcommand: running system command (from external command whitelist)
 2) copyblocks: copy arbitrary data from one file/block device to another (this
one uses QFile under the hood.

So we can migrate to the second helper with KAuth.


P.S. there is also a bit of misuse in the way we use KAuth. We just run KAuth
helper and do not return from it until KPM finishes its job. This is done so
that the user would not have to approve every single external command request
separately (which would be impractical, nobody would attempt to enter password
like 20 times in a row).

That's why it might make sense to harder the helper a bit. E.g. don't allow
copyblocks to write to /etc/ or /usr.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to