fvogt added a comment.

In D10437#204413 <https://phabricator.kde.org/D10437#204413>, @chinmoyr wrote:

> In D10437#204382 <https://phabricator.kde.org/D10437#204382>, @fvogt wrote:
>
> > In D10437#204377 <https://phabricator.kde.org/D10437#204377>, @chinmoyr wrote:
> >
> > > The whole work is being done inside KIO::Job. If the application uses regular Jobs then I can't see how it can fake it.
> >
> > By not using KIO or using a modified KIO. Never assume you can trust anything you get sent.
>
> Going by this logic, it seems any attempt at providing security from job's side is pointless.

It is.

> So how about moving the handling of prompts to slave's side? At least we can be sure a prompt will be shown all the time.

Sounds good. Once polkit granted file.so authorized access to the helper, it needs to be treated as privilege boundary so it needs to prompt.

REPOSITORY
  R241 KIO

REVISION DETAIL
  https://phabricator.kde.org/D10437

To: chinmoyr, #frameworks, dfaure, fvogt
Cc: markg, anthonyfieroni, michaelh