chinmoyr added a comment.

  In, @fvogt wrote:
  > There is one issue I have with this. While this is close to the `sudo`-mode 
of temporary authorization grants, it doesn't work that way as the whole 
session has full access via
  How exactly? Is there any way for an application to choose a slave process 
instead of being assigned one at random? 
  Till now what I have observed is after a successful authentication only the 
slave process is authorised to perform the action and not the application 
itself. So if a malicious app wants to perform some kind of privileged file 
operation then it has to (somehow) pick up a slave that had been already 
authorized. And even if that were possible the slave will still show a 
confirmation dialog.
  > It would be great if this could work with just the application which 
initially requested the privilege.
  > With this, the whole session has full root-level access to literally 
everything on the system.
  I do understand having authorization persist for the entire session means 
disaster but when kauth generates the policy file this option only results in 
  Polkit's manpage says : **auth_admin_keep - Like auth_admin but the 
authorization is kept for a brief period (e.g. five minutes).**
  Also when I execute **pkcheck --list-temp** after authenticating a file 
operation started by dolphin the output I get includes these lines
    subject:          unix-process:9532:1210162 ( [kdeinit5] file 
    expires:          4 min 47 sec from now (Fri Feb  9 21:43:47 2018)
  This suggests **auth_admin_keep** results in temporary authorization of one 
particular process for 5 minutes and not for the entire user session.
  So can you explain me one more time why you think persistence=session is a 
bad idea? Do correct me if I got anything (or everything?) above wrong.

  R241 KIO


To: elvisangelaccio, lbeltrame, dfaure, davidedmundson, fvogt, chinmoyr
Cc: #frameworks, michaelh, ngraham

Reply via email to