From kde-core-devel Fri May 26 20:18:37 2006 From: Thiago Macieira Date: Fri, 26 May 2006 20:18:37 +0000 To: kde-core-devel Subject: Re: D-BUS required changes in KDE 4 Message-Id: <200605262219.11352.thiago () kde ! org> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=114867481306333 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--nextPart1263457.qcdD2Mu24f" --nextPart1263457.qcdD2Mu24f Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Olivier Goffart wrote: >Maybe it's just a stupid idea, i have not lot of knowledge in the dbus > and kdesu mechanism. > >But is that possible that the kdesu program do a bridge ? >App1 <---DBus---> kdesu <---DBus---> App2 In theory, yes. In practice, it would require me to write the peer-to-peer= =20 mode of D-BUS (currently not implemented in QtDBus) or relay the actual=20 socket data. >Or maybe add an auth mechanism in DBus, using a shared cookie. (didn't > you tell me it will be required in Windows ?) This is what I had in mind when I trying to find a solution with the D-BUS= =20 developers. So if connection from a different UID is required, a shared=20 cookie will probably be the way. Stephan Kulow wrote: >Hmm, how much did we use that feature anyway? I can't really see a lot > that a kdesu'd program commicates back. After all I can "sudo > konqueror" too This happens often in the KCMs: the Administrator button will launch kdesu= =20 and run kcmshell with a root UID and embed it in your KControl window.=20 But it begs the question: do we really need the entire GUI to be run as a=20 privileged user? As for "sudo konqueror", this will actually fail, since the value of=20 DBUS_SESSION_BUS_ADDRESS will be passed on to the other user, and it'll=20 try to connect to your session bus. If it weren't root, it probably wouldn't be able to connect to the X=20 server, actually. (Not able to read ~/.Xauthority) =2D-=20 Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org thiago.macieira (AT) trolltech.com Trolltech AS GPG: 0x6EF45358 | Sandakerveien 116, E067 918B B660 DBD1 105C | NO-0402 966C 33F5 F005 6EF4 5358 | Oslo, Norway --nextPart1263457.qcdD2Mu24f Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQBEd2K/M/XwBW70U1gRAtz2AKCf41M+Y/b8e+S/PDAGR332FRtNNQCgkFk7 oVUU+m3unrruygxIT2pGbeo= =3Mm1 -----END PGP SIGNATURE----- --nextPart1263457.qcdD2Mu24f--