So we're having KF5 5.43 next week, has this been figured out? I find this thread ended too open-ended for my taste.

Cheers,
  Albert

On Saturday, 13 January 2018, at 23:55:16 CET, Luca Beltrame wrote:
> (please keep Fabian in CC, he's not subscribed and found out most of the
> issues reported here)
>
> At openSUSE we have to request reviews by the security team before
> new polkit services get accepted. This is the case for the kio kauth helper
> as well.
> While the security team raised concerns with the wide capabilities of the
> helper (it can easily be used to do literally everything), we had a look at
> the implementation itself to find some obvious security issues:
>
> - The privilege is persistent for the entire session (already fixed).
> - The confirmation prompt for the kauth action use does not tell what is
>   going to happen. So you might open a file dialog and then instead of
>   opening a file, write to /bin/sh.
> - Trivial stack-based buffer overflow in the kauth helper:
>   https://cgit.kde.org/kio.git/tree/src/ioslaves/file/sharefd_p.h#n57
> - The socket used to send and receive file descriptors does not have any
>   kind of permission check. You can easily send fds to and receive fds from
>   users of the kauth helper on the same machine. (BTW,
>   SocketAddress::length should return the actual length of the buffer,
>   currently it adds ~100 '\0' bytes to the end)
>
> In its current state we can not recommend anyone to enable this.
> However, we hope that those issues can be addressed, it does provide some
> useful functionality.
>
> Luca Beltrame
> on behalf of the openSUSE KDE Team