[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdelibs/dcop
From: Waldo Bastian <bastian () kde ! org>
Date: 2004-11-19 22:11:05
Message-ID: 20041119221105.491CA16DC9 () office ! kde ! org
[Download RAW message or body]
CVS commit by waba:
Welcome to the 21st century
M +14 -21 HOWTO 1.20
--- kdelibs/dcop/HOWTO #1.19:1.20
@@ -465,30 +465,23 @@
with the user's id, and a backend process running as root.
-To do this, two steps have to be taken:
+For this you can use kdesu with the --nonewdcop option. kdesu will
+then forward the address of the DCOP server as well as the authentication
+information to the new user.
-a) both processes need to talk to the same DCOP server
-b) the authentication must be ensured
+*WARNING*: This gives the user that you su to, full access to your session!
+If you su to root this will not be a problem, but it may be a problem if
+you su to another user.
-For the first step, you simply pass the server address (as
-found in .DCOPserver) to the second process. For the authentication,
-you can use the ICEAUTHORITY environment variable to tell the
-second process where to find the authentication information.
-(Note that this implies that the second process is able to
-read the authentication file, so it will probably only work
-if the second process runs as root. If it should run as another
-user, a similar approach to what kdesu does with xauth must
-be taken. In fact, it would be a very good idea to add DCOP
-support to kdesu!)
+By default, KDE applications (e.g. the ones that run as root) that connect
+to the dcopserver of another user will not accept any incoming DCOP calls.
+You can override this with DCOPClient::setAcceptCalls() after you have
+carefully reviewed that your DCOPClient does not provide objects/functions
+that could be abused for privilege escalation.
-For example
-ICEAUTHORITY=~user/.ICEauthority kdesu root -c kcmroot -dcopserver `cat ~user/.DCOPserver`
+Example: kdesu --nonewdcop -u root -c kcmroot
-will, after kdesu got the root password, execute kcmroot as root, talking
-to the user's dcop server.
-
-
-NOTE: DCOP communication is not encrypted, so please do not
-pass important information around this way.
+This will, after kdesu got the root password, execute kcmroot as root,
+talking to the user's dcop server.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic