https://bugs.kde.org/show_bug.cgi?id=466786
--- Comment #29 from Nate Graham ---
Git commit d3ead0674aff6714b67ba9d3a9dfd38a57a66eb3 by Nate Graham.
Committed on 15/03/2023 at 17:33.
Pushed by ngraham into branch 'master'.
Show appropriate error messages when KAuth actions fail
Let's provide
schm0...@web.de changed:
What|Removed |Added
CC||schm0...@web.de
--- Comment #28 from
--- Comment #27 from Nate Graham ---
I see, so KAuth files are public and any apps can try to use them. Is there no
way to restrict them to only specific apps, where we can ensure more security?
--
You are receiving this mail because:
You are
--- Comment #26 from Harald Sitter ---
This call here
https://invent.kde.org/network/kdenetwork-filesharing/-/blob/master/samba/filepropertiesplugin/groupmanager.cpp#L120
may be made by any application that has access to the bus. They may request
--- Comment #25 from Nate Graham ---
Then where does the group get set? Can you help explain what exactly the
vulnerability is here?
It's clear you understand it, but Marc and I don't, and we're not domain
experts, so it would be helpful if you could
--- Comment #24 from Harald Sitter ---
(In reply to Nate Graham from comment #22)
> How exactly would that do that? Wouldn't they need local root access to
> modify the kauth files to change the group name?
The group name is not encoded in any kauth
--- Comment #23 from Marc Deop ---
(In reply to Harald Sitter from comment #19)
> Yeah, I don't understand your question.
>
> Because you can pass any old group in we need to limit the amount of garbage
> groups you can put in to abuse the system.
--- Comment #22 from Nate Graham ---
How exactly would that do that? Wouldn't they need local root access to modify
the kauth files to change the group name?
--- Comment #21 from Harald Sitter ---
you = any program, including malware.
--- Comment #20 from Nate Graham ---
(In reply to Harald Sitter from comment #19)
> Yeah, I don't understand your question.
>
> Because you can pass any old group in we need to limit the amount of garbage
> groups you can put in to abuse the system.
--- Comment #19 from Harald Sitter ---
Yeah, I don't understand your question.
Because you can pass any old group in we need to limit the amount of garbage
groups you can put in to abuse the system.
--- Comment #18 from Marc Deop ---
(In reply to Harald Sitter from comment #17)
> One can ask the auth helper to make the user a member of any group
That is very nice but the question remains: Why does kde need to do some
hardening via group name?
--- Comment #17 from Harald Sitter ---
One can ask the auth helper to make the user a member of any group
Marc Deop changed:
What|Removed |Added
CC||k...@marcdeop.com
--- Comment #16 from Marc Deop
--- Comment #15 from kinghat ---
(In reply to Nate Graham from comment #14)
> Also worth reporting to Fedora that the group name should be called
> "sambashares", not "usershares".
hopefully the correct spot: https://pagure.io/fedora-kde/SIG/issue/109
--- Comment #14 from Nate Graham ---
Also worth reporting to Fedora that the group name should be called
"sambashares", not "usershares".
--- Comment #13 from Nate Graham ---
No, we found and fixed the issue. Thanks for reporting it!
--- Comment #12 from kinghat ---
> Is this 100% reproducible for you? If you remove your user from the
> appropriate group, reboot, and use the setup wizard again, does it happen
> again?
do you still need clarification here?
Nate Graham changed:
What|Removed |Added
Version Fixed In||23.04
Latest Commit|
--- Comment #10 from Bug Janitor Service ---
A possibly relevant merge request was started @
https://invent.kde.org/network/kdenetwork-filesharing/-/merge_requests/41
Bug Janitor Service changed:
What|Removed |Added
Status|CONFIRMED |ASSIGNED
--- Comment #9 from Bug Janitor
--- Comment #8 from Harald Sitter ---
Mind that there is a difference between an invalid group name (e.g. the
directory is group owned by root) indicative of the setup being incorrect and
an unauthorized group name.
--- Comment #7 from Harald Sitter ---
Not sure I understand the question. Yes, we need some hardening ^^
--- Comment #6 from Nate Graham ---
We also have differing definitions of valid group names in different places in
the code. In authhelper.cpp, we want the group to contain "samba" but in
groupmanager.cpp, we only check for whether the group name is
Nate Graham changed:
What|Removed |Added
Resolution|WAITINGFORINFO |---
Keywords|