https://bugs.kde.org/show_bug.cgi?id=414289
Bug ID: 414289
Summary: KAuth helper improvements requested by the SUSE
security team
Product: systemsettings
Version: unspecified
Platform: openSUSE RPMs
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: kcm_sddm
Assignee: k...@davidedmundson.co.uk
Reporter: fab...@ritter-vogt.de
Target Milestone: ---
Copy-pasting from https://bugzilla.opensuse.org/show_bug.cgi?id=1145182
a) and b) got fixed meanwhile
c) SdmAutHelper::save() and SdmAuthHelper::installtheme() both access
potentially user owned files (background files or theme archive files)
without necessary protection. For example if a user downloads an image to
/tmp then there is a danger that another user might play tricks with
symlinks. Without `auth_admin` this would be completely unsafe.
The only safe way to implement this would again be to drop privileges to the
client user and safely copy the file away to some private location only
accessible to root.
d) The README file in the repository is quite meaningless (it seems to contain
build instructions). Installing it as part of the package makes no sense.
Somebody could try to help upstream to add some actual documentation in
there. This is a common theme with KDE packages that the documentation is
lacking and this is sad.
e) The API for SddmAuthHelper::uninstalltheme is unsuitably complex. It takes
a full path to the theme to uninstall and then the implementation tries hard
to make sure this full path exactly points to a theme folder below
/usr/share/sddm/themes. So the sane thing to do here would be to only expect
the theme name to be removed, not a path in the first place.
--
You are receiving this mail because:
You are watching all bug changes.
