Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-06 Thread Smits Katze
>Do you mean this as a security issue?
>
>Albert

I'm trying to get the sandbox right for KDE apps. And I found it to be
not so trivial, that's why I'm here :)


Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-05 Thread Smits Katze
>You can bypass klauncher/kdeinit by exporting the KDE_FORK_SLAVES
>environment variable set to 1. Then the applications will spawn the
>ioslave process on their own.
>
>Not sure if this actually helps you, though.

Thanks for the pointer to KDE_FORK_SLAVES, it is heading in the right
direction and actually seems to solve a number of other issues with
sandboxing KDE apps.

I feel I should explain my use case a bit better: Imagine a sandboxed
app with limited access to system resources and someone with bad
intentions controlling this app and trying to escape the sandbox.
There are well-known ways to escape from a sandbox, like X11 and D-Bus
sockets, but KDE has interesting additional challenges. One is the
kdeinit socket, and slave sockets are *potentially* another. My
concern is a sandboxed app that somehow manages to control a KIO slave
running outside the sandbox. A sysadmin could probably address this by
setting KDE_FORK_SLAVES for all programs globally... unfortunately it
won't work if the sandbox tries to do something similar.


Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-04 Thread Albert Astals Cid
On Tuesday, 4 December 2018, at 16:37:34 CET, Smits Katze wrote:
> Background: I want to sandbox KDE apps and need to understand better how
> KIO works.
> 
> My current level of understanding is that apps ask klauncher/kdeinit for a
> KIO slave if they need one. Then either kdeinit spawns a new slave process,
> or there is already an idle slave and it is reused. Idle slaves kill
> themselves after a couple of minutes if no request is coming in.
> Communication between the slave and the app happens via a socket, usually
> found in /run/user/$UID.
> 
> The question is if, or rather when, it is possible to shortcut this
> process. Do slaves, especially idle ones, accept commands issued by third
> programs via these sockets? Try to take the perspective of an evil-minded
> adversary.

Do you mean this as a security issue?

Albert

> 
> Thank you very much!
> 

Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-04 Thread Elvis Angelaccio
On 04/12/18 16:37, Smits Katze wrote:
> Background: I want to sandbox KDE apps and need to understand better how
> KIO works.
> 
> My current level of understanding is that apps ask klauncher/kdeinit for
> a KIO slave if they need one. Then either kdeinit spawns a new slave
> process, or there is already an idle slave and it is reused. Idle slaves
> kill themselves after a couple of minutes if no request is coming in.
> Communication between the slave and the app happens via a socket,
> usually found in /run/user/$UID.
> 
> The question is if, or rather when, it is possible to shortcut this
> process. 

You can bypass klauncher/kdeinit by exporting the KDE_FORK_SLAVES
environment variable set to 1. Then the applications will spawn the
ioslave process on their own.

Not sure if this actually helps you, though.

> Do slaves, especially idle ones, accept commands issued by
> third programs via these sockets? Try to take the perspective of an
> evil-minded adversary.
> 
> Thank you very much!

Cheers,
Elvis

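The thread above raises two practical points for anyone sandboxing KDE apps: the sockets under /run/user/$UID that an app and its KIO slave talk over, and the KDE_FORK_SLAVES=1 setting that makes an app spawn its slave itself instead of going through klauncher/kdeinit. The following is an added audit example, not code from the thread or from KDE: it walks a runtime directory and reports Unix sockets whose permission bits grant group or world access, and it checks an environment map for KDE_FORK_SLAVES=1. The socket names it creates for the demo are constructed; it does not know or claim anything about what a real slave does with connections it receives, which is the open question in the thread.

```python
import os
import socket
import stat
import tempfile


def audit_runtime_sockets(runtime_dir):
    """Return [(path, octal_mode)] for Unix sockets under runtime_dir whose
    mode grants any group or world bit. runtime_dir is typically
    /run/user/$UID (XDG_RUNTIME_DIR). This is a plain permission check; it
    says nothing about what the process behind a socket accepts."""
    findings = []
    for root, _dirs, files in os.walk(runtime_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished between listing and stat, skip
            if not stat.S_ISSOCK(st.st_mode):
                continue
            perm = stat.S_IMODE(st.st_mode)
            if perm & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((path, oct(perm)))
    return findings


def slaves_forked_in_process(env):
    """True when KDE_FORK_SLAVES=1 is set, i.e. the app spawns its ioslave
    itself rather than asking klauncher/kdeinit (the workaround named in
    the thread). Whitespace around the value is ignored."""
    return env.get("KDE_FORK_SLAVES", "").strip() == "1"


def make_demo_runtime_dir():
    """Constructed sample for the demo: a temp dir holding two Unix
    sockets, one owner-only (0600) and one group-accessible (0660). The
    socket names are made up and are not real KIO socket names."""
    demo_dir = tempfile.mkdtemp(prefix="kio-socket-audit-")
    for name, mode in (("app-private.socket", 0o600),
                       ("slave-shared.socket", 0o660)):
        path = os.path.join(demo_dir, name)
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(path)          # creates the socket file
        s.close()             # the file persists after close
        os.chmod(path, mode)  # set mode explicitly, independent of umask
    return demo_dir


if __name__ == "__main__":
    demo = make_demo_runtime_dir()
    print("demo findings:", audit_runtime_sockets(demo))
    real = os.environ.get("XDG_RUNTIME_DIR", f"/run/user/{os.getuid()}")
    print(f"findings under {real}:", audit_runtime_sockets(real))
    print("KDE_FORK_SLAVES active:", slaves_forked_in_process(os.environ))
```

A socket that is owner-only is still reachable by any process running as the same user, including a sandboxed one that shares the runtime directory, so the permission report is a first filter, not a verdict; whether a slave honours commands from a process that is not its own client is the question the thread leaves open.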

[QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-04 Thread Smits Katze
Background: I want to sandbox KDE apps and need to understand better how
KIO works.

My current level of understanding is that apps ask klauncher/kdeinit for a
KIO slave if they need one. Then either kdeinit spawns a new slave process,
or there is already an idle slave and it is reused. Idle slaves kill
themselves after a couple of minutes if no request is coming in.
Communication between the slave and the app happens via a socket, usually
found in /run/user/$UID.

The question is if, or rather when, it is possible to shortcut this
process. Do slaves, especially idle ones, accept commands issued by third
programs via these sockets? Try to take the perspective of an evil-minded
adversary.

Thank you very much!