D12513: CVE-2018-10361: privilege escalation

2018-06-07 Thread Christoph Cullmann
cullmann added a comment. I followed the "I think it was agreed this is an improvement, so i'm going to suggest we commit it." comment from above. In any case, it is an improvement to the old situation. REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To:

D12513: CVE-2018-10361: privilege escalation

2018-06-07 Thread Christoph Cullmann
This revision was not accepted when it landed; it landed in state "Needs Review". This revision was automatically updated to reflect the committed changes. Closed by commit R39:c81af5aa1d4f: CVE-2018-10361: privilege escalation (authored by cullmann). REPOSITORY R39 KTextEditor CHANGES SINCE

D12513: CVE-2018-10361: privilege escalation

2018-06-07 Thread Christoph Cullmann
cullmann added a comment. I can push that change, if OK. REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, dfaure Cc: acooligan, kwrite-devel, kde-frameworks-devel, mgerstner, aacid, ngraham, fvogt, cullmann, michaelh, kevinapavew, bruns, demski

D12513: CVE-2018-10361: privilege escalation

2018-06-07 Thread Andrew Cooligan
acooligan added a comment. In D12513#269889 , @aacid wrote: > Also not sure if useful but since kio is getting support for writting to "root owned" files we should investigate if maybe we can just simply drop this code altogether? As KIO

D12513: CVE-2018-10361: privilege escalation

2018-05-28 Thread Albert Astals Cid
aacid added a comment. I think it was agreed this is an improvement, so i'm going to suggest we commit it. I'm definitely very short on time to spend here because someone added poppler to oss-fuzz and i've a pile of files that are crashing / causing bad behaviour on poppler to care for.

D12513: CVE-2018-10361: privilege escalation

2018-05-27 Thread Christoph Cullmann
cullmann added a comment. > What should we do with this? == REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, dfaure Cc: kwrite-devel, kde-frameworks-devel, mgerstner, aacid, ngraham, fvogt, cullmann, michaelh, kevi

D12513: CVE-2018-10361: privilege escalation

2018-05-09 Thread Albert Astals Cid
aacid added a comment. I meant dropping privileges to the user that is running the ktexteditor program, not to the user that owns the target directory, but now that i think about it that's pretty stupid since otherwise we wouldn't be needing root :D I'll try to go over this with a fresh

D12513: CVE-2018-10361: privilege escalation

2018-05-09 Thread Matthias Gerstner
mgerstner added a comment. Restricted Application edited subscribers, added: kde-frameworks-devel, kwrite-devel; removed: Frameworks. In D12513#258565 , @aacid wrote: > > Honestly i don't understand why i have to care about anything

D12513: CVE-2018-10361: privilege escalation

2018-05-05 Thread Albert Astals Cid
aacid added a comment. In D12513#257628 , @mgerstner wrote: > If you choose a different approach then you will have to open the target file explicitly, which raises other questions like how to safely replace symlinks. Of course such an approach

D12513: CVE-2018-10361: privilege escalation

2018-05-03 Thread Matthias Gerstner
mgerstner added a comment. In D12513#256845 , @aacid wrote: > @mgerstner I don't really understand why we need the chdir, renameat, etc. > > Dropping privileges to the minimum needed should be enough, shouldn't it? > > I mean at that point

D12513: CVE-2018-10361: privilege escalation

2018-05-01 Thread Albert Astals Cid
aacid added a comment. Next time please use arc to upload patches, so that instead of those ugly "Context not available." we get nice links to see more code :) @mgerstner I don't really understand why we need the chdir, renameat, etc. Dropping privileges to the minimum needed should

D12513: CVE-2018-10361: privilege escalation

2018-04-27 Thread Matthias Gerstner
mgerstner added a comment. Hi, I am the guy that came up with the initial security report. I contacted //cullman// about the issue and we've exchanged a couple of emails about how to improve the code. He asked me about what approach would be better: Setting up the temporary file

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Christoph Cullmann
cullmann added a comment. > Any reason you guys decided to not involve secur...@kde.org ? I think we all forgot to do that, without any real reason, I drop that address a mail now, thanks for the hint! REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Albert Astals Cid
aacid added a comment. Any reason you guys decided to not involve secur...@kde.org ? REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, dfaure Cc: aacid, ngraham, fvogt, cullmann, #frameworks, michaelh, kevinapavew, bruns, demsking, sars, dhauman

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Christoph Cullmann
cullmann added a comment. I will ask the openSUSE engineer Matthias Gerstner for feedback before landing this. REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, dfaure Cc: fvogt, cullmann, #frameworks, michaelh, kevinapavew, ngraham, bruns, dem

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Maximiliano Curia
maximilianocuria resigned from this revision. This revision now requires review to proceed. REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, dfaure Cc: fvogt, cullmann, #frameworks, michaelh, kevinapavew, ngraham, bruns, demsking, sars, dhaumann

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Maximiliano Curia
maximilianocuria added a comment. Mmh, the accept revision doesn't work as a +1, does it? I was intending to say +1/thumbs up, but I would still prefer somebody else to review this. After all, I sent forwarded the original patch, clearly I want this to land, but it's up the frameworks/ktext

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Maximiliano Curia
maximilianocuria accepted this revision. This revision is now accepted and ready to land. REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, maximilianocuria, dfaure Cc: fvogt, cullmann, #frameworks, michaelh, kevinapavew, ngraham, bruns, demsking, s

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Maximiliano Curia
maximilianocuria added a comment. In D12513#253537 , @fvogt wrote: > There's a typo in the title, it should be "privilege escalation". Done REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann,

D12513: CVE-2018-10361: privilege escalation

2018-04-25 Thread Maximiliano Curia
maximilianocuria retitled this revision from "CVE-2018-10361: privelege escalation" to "CVE-2018-10361: privilege escalation". REPOSITORY R39 KTextEditor REVISION DETAIL https://phabricator.kde.org/D12513 To: cullmann, maximilianocuria, dfaure Cc: fvogt, cullmann, #frameworks, michaelh, kev