From kde-core-devel Fri Aug 21 08:21:00 2009 From: Nicola Gigante Date: Fri, 21 Aug 2009 08:21:00 +0000 To: kde-core-devel Subject: Re: Integrate high privileges in KIO and GHNS Message-Id: X-MARC-Message: https://marc.info/?l=kde-core-devel&m=125084292218300 Il giorno 21/ago/09, alle ore 01:17, Dario Freddi ha scritto: > Hello list, > > As you might or might not know, GSoC is over, just like my student's > project. > Nicola has worked on a framework to elevate privileges in a secure, > user > friendly way in KDE applications, OS and backend agnostic (it uses > policykit > on linux, to be clear). > > Nicola, as part of his project, already ported kcmodule and > systemsettings to > support this new framework, and ported the date/time kcmodule to it. > You can > see everything waiting to be merged in branches/work/{kdelibs- > kauth,kdebase- > kauth}. > > Now, we should be all happy to have working kcmodules as root again, > and this > time with a secure and elegant solution, but it doesn't stop here. > My plan is > now to make other pillars of KDE use this framework. In this mail, > I'm talking > about KIO and GHNS. > > By now, when KIO, trying to read or write on a file, finds out that > it has no > permission to do so, it simply quits the job. I would like to > integrate KAuth > into KIO. In this case, when trying to read a file on which the user > has no > read permission, it would check if the user is authorized to do so, > eventually > ask for password, and eventually perform the job. > > Once done that, I would like to offer the possibility to GHNS to > perform > "single-user" installations, or "system-wide" installations using > KAuth. This > would also allow a full port of the KDM module to the new KAuth > system, > something I would really like to have done by 4.4. > > So, by now I wanted to know if there are any strong objections or > advices on > this. But most of all, I would like to hear from KIO/GHNS > maintainers, and > eventually having some pointers on the amount of work required, if > somebody is > willing to help, and whatever. > > Small P.S.: Remember that this framework is completely flexible, > hence users > might also be not authorized at all to perform these kind of > actions, making > KIO act just like it does now. Everything about security and per- > user or per- > group policies are already being taken care of by KAuth (and of > course by the > system administrator). > I will help, of course :D