[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: hostname() used in KApplication::launcher
From: Geert Jansen <g.t.jansen () stud ! tue ! nl>
Date: 2000-07-18 14:36:04
[Download RAW message or body]
Dirk Mueller wrote:
> > Who says so? This is the way it has been done since the launcher was
> > introduced.
>
> Well, there is no complete documentation of what we were hacking on the
> last few days, but I can give you a short summary. for more detailed
> stuff Matthias Ettrich and Michael Matz will be able to help.
>
> By default, ksmserver && DCOPserver will no longer listen on a TCP socket
> because of the security problems with that we want to avoid until
> we have a working framework to handle these problems.
>
> So now dcopserver/ksmserver will only listen on a local AF_UNIX socket
> which has the mode setting 0700, which means only the user itself
> will be able to connect to the dcopserver that is running for him.
>
> we can set it to 0777 but then we need authentification (that
> .ICEauthority file in your home directory). doing that is pretty slow and
> according to Matthias Ettrich the authentification is exploitable, there
> are known security problems in that part of the ICE code.
>
> So right now this means one dcopserver per user. separate dcopservers
> mean also separate klauncher.
Thanks for the explanation. This will require multiple changes in kdesu,
which assumes one dcop server per uid-host.
> The points that are unanswered:
>
> do we need communication between different userids?
I guess we don't really _need_ it. It would be nice, but, running a program
as a different user could be considered an exceptional situation. Not
everything is guaranteed to work. Things like system notifications, session
management, ... won't work.
> between different machines?
Same here.
> how to solve the problems attached with it?
If there's only an AF_UNIX socket, I fear the problem is unsolvable without
major hacks. Generally, a different uid cannot connect to it.
Another issues that comes to my mind: If there are multiple DCOP servers
per display, there can be multiple DCOP servers per uid. All socket files
in a home directory should encode the display in their name. Don't know if
this is the case currently.
Greetings,
Geert
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic