List:       kde-core-devel
Subject:    Re: hostname() used in KApplication::launcher
From:       Geert Jansen <g.t.jansen () stud ! tue ! nl>
Date:       2000-07-18 14:36:04

Dirk Mueller wrote:

> > Who says so? This is the way it has been done since the launcher was
> > introduced.
>
> Well, there is no complete documentation of what we were hacking on the
> last few days, but I can give you a short summary. For more detailed
> stuff Matthias Ettrich and Michael Matz will be able to help.
>
> By default, ksmserver && DCOPserver will no longer listen on a TCP socket
> because of the security problems with that we want to avoid until
> we have a working framework to handle these problems.
>
> So now dcopserver/ksmserver will only listen on a local AF_UNIX socket
> which has the mode setting 0700, which means only the user itself
> will be able to connect to the dcopserver that is running for him.
>
> We can set it to 0777 but then we need authentication (that
> .ICEauthority file in your home directory). Doing that is pretty slow and
> according to Matthias Ettrich the authentication is exploitable, there
> are known security problems in that part of the ICE code.
>
> So right now this means one dcopserver per user. Separate dcopservers
> mean also separate klauncher.

Thanks for the explanation. This will require multiple changes in kdesu, 
which assumes one dcop server per uid-host. 

> The points that are unanswered:
>
> do we need communication between different userids?

I guess we don't really _need_ it. It would be nice, but, running a program 
as a different user could be considered an exceptional situation. Not 
everything is guaranteed to work. Things like system notifications, session 
management, ... won't work.

> between different machines?

Same here.

> how to solve the problems attached with it?

If there's only an AF_UNIX socket, I fear the problem is unsolvable without 
major hacks. Generally, a different uid cannot connect to it. 

Another issue that comes to my mind: If there are multiple DCOP servers 
per display, there can be multiple DCOP servers per uid. All socket files 
in a home directory should encode the display in their name. Don't know if 
this is the case currently.

Greetings,
Geert
