So we're having KF5 5.43 next week, has this been figured out?

I find this thread ended too open ended for my taste.


El dissabte, 13 de gener de 2018, a les 23:55:16 CET, Luca Beltrame va 
> (please keep Fabian in CC, he's not subscribed and found out most of the
> issues reported here)
> At openSUSE we have to request reviews by the security team before
> new polkit services get accepted. This is the case for the kio kauth helper
> as well.
> While the security team raised concerns with the wide capabilities of the
> helper (it can easily be used to do literally everything), we had a look at
> the implementation itself to find some obvious security issues:
> - The privilege is persistent for the entire session (already fixed).
> - The confirmation prompt for the kauth action use does not tell what is
> going to happen. So you might open a file dialog and then instead of
> opening a file, write to /bin/sh.
> - Trivial stack-based buffer overflow in the kauth helper:
> - The socket used to send and receive file descriptors does not have any
> kind of permission check. You can easily send fds to and receive fds from
> users of the  kauth helper on the same machine.   (BTW,
> SocketAddress::length should return the actual length of the buffer, 
> currently it adds ~100 '\0' bytes to the end)
> In its current state we can not recommend anyone to enable this.
> However, we hope that those issues can be addressed, it does provide some
> useful functionality.
> Luca Beltrame
> on behalf of the openSUSE KDE Team

Reply via email to