On venerdì 12 gennaio 2018 17:35:30 CET, chinmoy ranjan wrote:
I just tested this in my session:
kioclient5 copy /mnt
Prompt appears, all OK.
Now I do this again in the same session, after removing the file:
kioclient5 copy /mnt
No password prompt and the file is copied anyway.
I execute
On venerdì 12 gennaio 2018 19:40:50 CET, David Edmundson wrote:
Can we keep all messages on the ML. We can only see half a
conversation on here.
TBH I can't see how any application will bypass the prompt
A rogue plugin can call org.kde.kio.file.exec directly with
kauth. Or even just use DB
>
> There's one thing I don't understand, how did you execute two kioclient
> commands in one session? I mean, as soon as one kioclient5 command finishes
> the session ends and for the next command there will be a new session. Am I
> wrong? If not then there should be a password prompt (persistence
On Sat, Jan 13, 2018 at 12:10 AM, David Edmundson <
da...@davidedmundson.co.uk> wrote:
> Can we keep all messages on the ML. We can only see half a conversation on
> here.
>
>
I wasn't subscribed to the ML so some parts of conversation were not there.
> TBH I can't see how any application will by
Il giorno Fri, 12 Jan 2018 19:10:07 +0530
chinmoy ranjan ha scritto:
> Persistence =session or always both are same and will cache the
> password for 5 mins.
I'll do another check by adjusting again the persistence. However I'm
still not sure about caching passwords in file operations. KIO can d
>I just tested this in my session:
>
>kioclient5 copy /mnt
>
>Prompt appears, all OK.
>
>Now I do this again in the same session, after removing the file:
>
>kioclient5 copy /mnt
>
>No password prompt and the file is copied anyway.
I executed the commands in the same order on a new VM and I am g
>It was pointed out in D6198 that
>there's
>no such thing as persistence in
>polkit,
Persistence =session or always both are same and will cache the password
for 5 mins.
>however as David mentioned, we don't
>want the authorization to last
>the whole session
In response to David's comment I adde
Can we keep all messages on the ML. We can only see half a conversation on
here.
> TBH I can't see how any application will bypass the prompt
A rogue plugin can call org.kde.kio.file.exec directly with kauth. Or even
just use DBus directly.
In data venerdì 12 gennaio 2018 14:42:39 CET, Luca Beltrame ha scritto:
> No password prompt and the file is copied anyway.
To clarify, this happened before my change to Persistence.
--
Luca Beltrame - KDE Forums team
KDE Science supporter
GPG key ID: A29D259B
signature.asc
Description: This i
In data venerdì 12 gennaio 2018 14:40:07 CET, chinmoy ranjan ha scritto:
> TBH I can't see how any application will bypass the prompt. Maybe I am
> wrong. Can you elaborate on the potential risks?
I just tested this in my session:
kioclient5 copy /mnt
Prompt appears, all OK.
Now I do this aga
In data venerdì 12 gennaio 2018 14:00:17 CET, hai scritto:
(putting kde-frameworks-devel in CC, this is important)
> shown depending on the persistence value. Totally removing the persistence
> will lead to two prompts, one from job and another one from kauth.
I'm not doing so unless the under
Git commit 029da62886e0571dfbe54cc4433af8ae8ac3433d by Luca Beltrame.
Committed on 12/01/2018 at 12:41.
Pushed by lbeltrame into branch 'master'.
Do not cache root password for the whole session
With something as KIO, this is *really* bad as further actions will
*not* get any password prompt for
12 matches
Mail list logo
