aacid added a comment.
In https://phabricator.kde.org/D10141#203664, @fvogt wrote: > In https://phabricator.kde.org/D10141#203545, @chinmoyr wrote: > > > In https://phabricator.kde.org/D10141#197039, @fvogt wrote: > > > > > There is one issue I have with this. While this is close to the `sudo`-mode of temporary authorization grants, it doesn't work that way as the whole session has full access via file.so. > > > > > > How exactly? Is there any way for an application to choose a slave process instead of being assigned one at random? > > > There isn't. Which makes any mitigation attempt impossible. There actually kind of is, kio has this "special" mode called KDE_FORK_SLAVES in which slaves are directly forked by the app instead of by klauncher. I'm not sure how much that would help here. Maybe @dfaure can shed some light? REPOSITORY R241 KIO REVISION DETAIL https://phabricator.kde.org/D10141 To: elvisangelaccio, lbeltrame, dfaure, davidedmundson, fvogt, chinmoyr Cc: aacid, #frameworks, michaelh, ngraham
