Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-06 Thread Smits Katze
>Do you mean this as a security issue?
>
>Albert

I'm trying to get the sandbox right for KDE apps. And I found it to be
not so trivial, that's why I'm here :)


Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-05 Thread Smits Katze
>You can bypass klauncher/kdeinit by exporting the KDE_FORK_SLAVES
>environment variable set to 1. Then the applications will spawn the
>ioslave process on their own.
>
>Not sure if this actually helps you, though.

Thanks for the pointer to KDE_FORK_SLAVES, it is heading in the right
direction and actually seems to solve a number of other issues with
sandboxing KDE apps.

I feel I should explain my use case a bit better: Imagine a sandboxed
app with limited access to system resources and someone with bad
intentions controlling this app and trying to escape the sandbox.
There are well-known ways to escape from a sandbox, like X11 and D-Bus
sockets, but KDE has interesting additional challenges. One is the
kdeinit socket, and slave sockets are *potentially* another. My
concern is a sandboxed app that somehow manages to control a KIO slave
running outside the sandbox. A sysadmin could probably address this by
setting KDE_FORK_SLAVES for all programs globally... unfortunately it
won't work if the sandbox tries to do something similar.


Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-04 Thread Albert Astals Cid
On Tuesday, 4 December 2018, at 16:37:34 CET, Smits Katze wrote:
> Background: I want to sandbox KDE apps and need to understand better how
> KIO works.
> 
> My current level of understanding is that apps ask klauncher/kdeinit for a
> KIO slave if they need one. Then either kdeinit spawns a new slave process,
> or there is already an idle slave and it is reused. Idle slaves kill
> themselves after a couple of minutes if no request is coming in.
> Communication between the slave and the app happens via a socket, usually
> found in /run/user/$UID.
> 
> The question is if, or rather when, it is possible to shortcut this
> process. Do slaves, especially idle ones, accept commands issued by third
> programs via these sockets? Try to take the perspective of an evil-minded
> adversary.

Do you mean this as a security issue?

Albert

> 
> Thank you very much!
> 

Re: [QUESTION] KIO slave-socket shortcut - does it exist?

2018-12-04 Thread Elvis Angelaccio

On 04/12/18 16:37, Smits Katze wrote:
> Background: I want to sandbox KDE apps and need to understand better how
> KIO works.
> 
> My current level of understanding is that apps ask klauncher/kdeinit for
> a KIO slave if they need one. Then either kdeinit spawns a new slave
> process, or there is already an idle slave and it is reused. Idle slaves
> kill themselves after a couple of minutes if no request is coming in.
> Communication between the slave and the app happens via a socket,
> usually found in /run/user/$UID.
> 
> The question is if, or rather when, it is possible to shortcut this
> process. 

You can bypass klauncher/kdeinit by exporting the KDE_FORK_SLAVES
environment variable set to 1. Then the applications will spawn the
ioslave process on their own.

Not sure if this actually helps you, though.

> Do slaves, especially idle ones, accept commands issued by
> third programs via these sockets? Try to take the perspective of an
> evil-minded adversary.
> 
> Thank you very much!

Cheers,
Elvis
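The two practical points in this thread are Elvis's tip that KDE_FORK_SLAVES=1 makes an app spawn its own ioslaves instead of going through klauncher/kdeinit, and Smits's concern that a sandbox must actually withhold the kdeinit and slave sockets under /run/user/$UID. The shell helpers below are an added example written for this thread, not code from KDE or from either poster: they check whether a process environment carries the variable (so a sysadmin can verify a global setting really reached the sandboxed app), list the unix sockets in the runtime directory that a sandbox profile should not bind-mount, and launch a command with the variable set. They assume a Linux /proc filesystem and that XDG_RUNTIME_DIR is /run/user/$UID; the function names are my own.

```shell
#!/bin/sh
# Added example for the KDE_FORK_SLAVES discussion above; not part of KDE.
# Assumes Linux /proc and XDG_RUNTIME_DIR=/run/user/$UID (assumption).

# Return 0 if a NUL-separated environ block on stdin contains exactly
# KDE_FORK_SLAVES=1 (the setting Elvis mentioned). -x forces a whole-line
# match so e.g. KDE_FORK_SLAVES=10 or KDE_FORK_SLAVES=1X does not pass.
environ_has_fork_slaves() {
    tr '\0' '\n' | grep -qx 'KDE_FORK_SLAVES=1'
}

# Same check for a running process: /proc/PID/environ is readable for
# processes of the same user (or by root). Lets a sysadmin confirm that a
# globally exported variable really reached the sandboxed app's environment.
pid_has_fork_slaves() {
    environ_has_fork_slaves < "/proc/$1/environ"
}

# List unix sockets in the user runtime dir. Per the thread this is where the
# kdeinit socket and slave sockets live, so these paths are what a sandbox
# profile must leave out of its mounts. Output is one path per line.
list_runtime_sockets() {
    dir="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    find "$dir" -maxdepth 2 -type s 2>/dev/null
}

# Launch a command with KDE_FORK_SLAVES=1 so it forks its own ioslaves and
# never contacts klauncher/kdeinit. Usage: run_with_fork_slaves dolphin
run_with_fork_slaves() {
    env KDE_FORK_SLAVES=1 "$@"
}
```

Used from a sandbox wrapper, `run_with_fork_slaves` covers the app you launch, while `pid_has_fork_slaves` is the check to run afterwards, since (as Smits notes) a global export can be overridden or dropped by the sandbox tool itself; `list_runtime_sockets` gives the concrete paths to compare against the sandbox's mount allow-list.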