On Thu, Oct 13, 2022 at 10:32 PM Albert Astals Cid <aa...@kde.org> wrote: > > El dijous, 13 d’octubre de 2022, a les 1:03:53 (CEST), Harald Sitter va > escriure: > > On Thu, Oct 13, 2022 at 12:46 AM Albert Astals Cid <aa...@kde.org> wrote: > > > Did I misunderstood the code? It looks like this run all of kio with root > > > powers? > > > > That is correct > > That feels like a reasonably big no no with my security hat. > > I'm relatively sure we have not audited all of KIO and it's dependencies to be > "running as root"-safe.
It is scary to be sure, but then the user has to opt into shooting in the foot. > What's the use case of this against the kauth support in file_unix.cpp ? The latter doesn't exist :( HS
