From kde-core-devel Thu Aug 20 23:17:36 2009 From: Dario Freddi Date: Thu, 20 Aug 2009 23:17:36 +0000 To: kde-core-devel Subject: Integrate high privileges in KIO and GHNS Message-Id: <200908210117.37251.drf54321 () gmail ! com> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=125081035605469 Hello list, As you might or might not know, GSoC is over, just like my student's project. Nicola has worked on a framework to elevate privileges in a secure, user friendly way in KDE applications, OS and backend agnostic (it uses policykit on linux, to be clear). Nicola, as part of his project, already ported kcmodule and systemsettings to support this new framework, and ported the date/time kcmodule to it. You can see everything waiting to be merged in branches/work/{kdelibs-kauth,kdebase- kauth}. Now, we should be all happy to have working kcmodules as root again, and this time with a secure and elegant solution, but it doesn't stop here. My plan is now to make other pillars of KDE use this framework. In this mail, I'm talking about KIO and GHNS. By now, when KIO, trying to read or write on a file, finds out that it has no permission to do so, it simply quits the job. I would like to integrate KAuth into KIO. In this case, when trying to read a file on which the user has no read permission, it would check if the user is authorized to do so, eventually ask for password, and eventually perform the job. Once done that, I would like to offer the possibility to GHNS to perform "single-user" installations, or "system-wide" installations using KAuth. This would also allow a full port of the KDM module to the new KAuth system, something I would really like to have done by 4.4. So, by now I wanted to know if there are any strong objections or advices on this. But most of all, I would like to hear from KIO/GHNS maintainers, and eventually having some pointers on the amount of work required, if somebody is willing to help, and whatever. Small P.S.: Remember that this framework is completely flexible, hence users might also be not authorized at all to perform these kind of actions, making KIO act just like it does now. Everything about security and per-user or per- group policies are already being taken care of by KAuth (and of course by the system administrator). -- ------------------- Dario Freddi KDE Developer GPG Key Signature: 511A9A3B