fvogt added a comment.

Thanks for the quick reaction!

> 1. Fixes buffer overflow due to strcpy.

Looks good, but I would prefer an exception or abort instead of silent truncation. Also note that this makes it possible to delete an arbitrary file on non-linux platforms if `path` is attacker-controlled, which needs to be fixed.

> (BTW, SocketAddress::length should return the actual length of the buffer, currently it adds ~100 '\0' bytes to the end)

Is not fixed, is this intentional?

> 2. Adds checks for socket credentials. Now a file descriptor will be received only if it was sent by a root owned process.

Looks sensible, but it doesn't fix the other direction, which is:

1. User asks the kauth helper to open a file as root
2. The kauth helper receives the socket address
3. file.so dies (reason does not matter)
4. Any process can now create a socket with the address the kauth helper connects to and receive the fd

IMO the correct fix (which only applies to linux, according to the manpage) is to use a pathname socket in `$XDG_RUNTIME_DIR` (or alternatively, somewhere returned by `mkdtemp`).

REPOSITORY
R241 KIO

REVISION DETAIL
https://phabricator.kde.org/D9966

To: chinmoyr, #frameworks, thiago
Cc: ngraham, fvogt, lbeltrame, dfaure
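The fix fvogt suggests, written out as an added example that is not part of the review or of KIO's code: a Linux-only sketch that binds the helper's listening socket to a pathname inside a fresh `mkdtemp` directory under `$XDG_RUNTIME_DIR` (so no other user can claim the name after the owner exits, unlike an abstract socket), refuses instead of truncating when the path does not fit, passes the real address length to `bind`, and reads the peer's uid via `SO_PEERCRED`. The function names and the `kauth-XXXXXX` template are assumptions.

```c
// Added example (not from the KIO revision): private pathname socket plus
// kernel-supplied peer credentials on Linux. Names here are hypothetical.
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Uid of the process on the other end of a connected AF_UNIX socket, or
 * (uid_t)-1 on error. Filled in by the kernel, so the peer cannot forge it. */
uid_t peer_uid(int fd) {
    struct ucred cred;
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return (uid_t)-1;
    return cred.uid;
}

/* Creates a mode-0700 directory under $XDG_RUNTIME_DIR (fallback: /tmp) and
 * binds a listening pathname socket inside it. Only this uid can enter the
 * directory, so nobody else can take over the name after the owner dies.
 * Writes the directory path to dir_out; returns the listening fd or -1. */
int bind_private_socket(char *dir_out, size_t dir_len) {
    const char *base = getenv("XDG_RUNTIME_DIR");
    if (base == NULL) base = "/tmp";
    if (snprintf(dir_out, dir_len, "%s/kauth-XXXXXX", base) >= (int)dir_len) return -1;
    if (mkdtemp(dir_out) == NULL) return -1;    /* unique name, created 0700 */

    struct sockaddr_un addr;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    if (snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/sock", dir_out)
            >= (int)sizeof(addr.sun_path))
        return -1;                               /* refuse, never truncate */

    int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0) return -1;
    /* Real address length: family + path + NUL, not sizeof(addr) padding. */
    socklen_t len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path) + 1;
    if (bind(fd, (struct sockaddr *)&addr, len) != 0 || listen(fd, 1) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```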
Thanks for the quick reaction! > 1.Fixes buffer overflow due to strcpy. Looks good, but I would prefer an exception or abort instead of silent truncation. Also note that this makes it possible to delete an arbitrary file on non-linux platforms if `path` is attacker-controlled, which needs to be fixed. > (BTW, SocketAddress::length should return the actual length of the buffer, currently it adds ~100 '\0' bytes to the end) Is not fixed, is this intentional? > 2.Adds checks for socket credentials. Now a file descriptor will be received only if it was sent by a root owned process. Looks sensible, but it doesn't fix the other direction, which is: 1. User asks the kauth helper to open a file as root 2. The kauth helper receives the socket address 3. file.so dies (reason does not matter) 4. Any process can now create a socket with the address the kauth helper connects to and receive the fd IMO the correct fix (which only applies to linux, according to the manpage) is to use a pathname socket in `$XDG_RUNTIME_DIR` (or alternatively, somewhere returned by `mkdtemp`). REPOSITORY R241 KIO REVISION DETAIL https://phabricator.kde.org/D9966 To: chinmoyr, #frameworks, thiago Cc: ngraham, fvogt, lbeltrame, dfaure