Hi,

On Sunday, 4 February 2018, 23:47:26 CET, Albert Astals Cid wrote:
> So we're having KF5 5.43 next week, has this been figured out?

not quite, but it's on the right track (unlikely for 5.43 though). See below.

Cheers,
Fabian

> I find this thread ended too open ended for my taste.
>
> Cheers,
>   Albert
>
> On Saturday, 13 January 2018, at 23:55:16 CET, Luca Beltrame wrote:
> > (please keep Fabian in CC, he's not subscribed and found out most of the
> > issues reported here)
> >
> > At openSUSE we have to request reviews by the security team before
> > new polkit services get accepted. This is the case for the kio kauth helper
> > as well.
> > While the security team raised concerns with the wide capabilities of the
> > helper (it can easily be used to do literally everything), we had a look at
> > the implementation itself to find some obvious security issues:
> >
> > - The privilege is persistent for the entire session (already fixed).

Not fixed, needs some rework.

> > - The confirmation prompt for the kauth action use does not tell what is
> > going to happen. So you might open a file dialog and then instead of
> > opening a file, write to /bin/sh.

Not fixed, probably needs some changes in KAuth or at the very least splitting the current action into multiple ones.

> > - Trivial stack-based buffer overflow in the kauth helper:
> > https://cgit.kde.org/kio.git/tree/src/ioslaves/file/sharefd_p.h#n57

Fixed.

> > - The socket used to send and receive file descriptors does not have any
> > kind of permission check. You can easily send fds to and receive fds from
> > users of the kauth helper on the same machine.

Fixed.

> > (BTW,
> > SocketAddress::length should return the actual length of the buffer,
> > currently it adds ~100 '\0' bytes to the end)

Fixed.

> > In its current state we cannot recommend anyone to enable this.
> > However, we hope that those issues can be addressed, it does provide some
> > useful functionality.
> >
> > Luca Beltrame
> > on behalf of the openSUSE KDE Team
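
The three socket items in the review above (overflow when filling the address, a length that includes padding, no check on who is at the other end) can be illustrated as follows. This is an added example, not part of the thread and not KIO's code or its actual fix; `make_unix_address`, `peer_is_uid` and `demo_peer_check` are hypothetical names, and the peer check assumes Linux `SO_PEERCRED`.

```cpp
// Added illustration; function names are hypothetical, not KIO's API.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE  // struct ucred is a GNU/Linux extension
#endif
#include <cstddef>
#include <cstring>
#include <string>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

// Fill a sockaddr_un from `path`. Returns the exact address length to pass to
// bind()/connect(), or 0 if the path is empty or does not fit in sun_path.
socklen_t make_unix_address(const std::string &path, sockaddr_un &out)
{
    std::memset(&out, 0, sizeof(out));
    // Reject instead of truncating or overflowing: keep room for the NUL.
    if (path.empty() || path.size() >= sizeof(out.sun_path))
        return 0;
    out.sun_family = AF_UNIX;
    std::memcpy(out.sun_path, path.c_str(), path.size() + 1);
    // Header + path + NUL, not sizeof(sockaddr_un) with its trailing padding.
    return static_cast<socklen_t>(offsetof(sockaddr_un, sun_path) + path.size() + 1);
}

// True only if the peer of connected AF_UNIX socket `fd` runs as `expected`.
// The kernel fills in the credentials, so the peer cannot forge them.
bool peer_is_uid(int fd, uid_t expected)
{
    ucred cred{};
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 || len != sizeof(cred))
        return false;
    return cred.uid == expected;
}

// Self-check on a socketpair (constructed input): both ends are this process.
bool demo_peer_check()
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return false;
    const bool same = peer_is_uid(sv[0], getuid());
    const bool other = peer_is_uid(sv[0], getuid() + 1);
    close(sv[0]);
    close(sv[1]);
    return same && !other;
}
```

A helper would run a check like `peer_is_uid` on each accepted connection before sending or receiving any file descriptor over it.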