From kde-devel Fri Oct 24 12:43:17 2008 From: "George Kiagiadakis" Date: Fri, 24 Oct 2008 12:43:17 +0000 To: kde-devel Subject: Fixing utmp issues in konsole (was Re: resurrecting kwrited) Message-Id: X-MARC-Message: https://marc.info/?l=kde-devel&m=122485228723760 2008/10/13, Oswald Buddenhagen : > On Mon, Oct 13, 2008 at 04:40:57PM +0300, George Kiagiadakis wrote: > > 2008/10/13 Oswald Buddenhagen : > > > - KPty should handle restoring privs for login() and dropping them again > > > automatically. libkpty would have a global constructor to drop the > > > privs on startup in the first place. > > > > I agree, please implement that :P > > > > ha! ;) > i have second thoughts on the implementation. maybe we should go for the > initially thought up central {drop,restore}Privileges() (in which > class?). if libkpty would do its own stuff, it would clash with other > possible users of elevated privileges. Now that I finished fixing kwrited (it's in kdebase/workspace/kwrited), I was thinking of a proper way to fix the same problem in konsole. For those that didn't follow the previous thread, the problem is that konsole does not update the utmp records if libkpty is built without utempter support. To fix this in konsole, we need to setuid/setgid konsole and drop/restore privileges where appropriate, just like all other terminal applications do. A proposed solution is this (this is more or less what Oswald suggested above, I am just making it more clear): 1) We need at least 2 functions in kdelibs: void dropElevatedPrivileges(); void restoreElevatedPrivileges(); (and possibly a set of query functions to see if we are running in setuid/setgid and as which user/group, but that's not really required) I thought that KUser might be an appropriate place for putting them in as static functions that will only be compiled on unix. Or, if you think KUser is not the right place, we could make a new class for that in kdecore. 2) When konsole and kwrited start, they call dropElevatedPrivileges() and then KPty::login() and KPty::logout() internally call restore and drop when they need it. 3) We need a cmake macro (something like macro_kpty_apply_privileges) to apply setuid/setgid if it is needed. Plus, we need "something" (I don't know how this could be implemented, ideas are welcome) to detect from cmake if libkpty requires elevated privileges or not. The current detection is based on whether libutempter and utempter.h exist, but that's not a nice solution because that does not imply that libkpty was built with utempter support! This is it. Now that I have an svn account, I am willing to fix this if nobody else is already working on it, but I will need some feedback for the implementation details (especially the cmake detection that I don't know how to implement). Regards, George >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<