[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Fixing utmp issues in konsole (was Re: resurrecting kwrited)
From:       "George Kiagiadakis" <kiagiadakis.george () gmail ! com>
Date:       2008-10-24 12:43:17
Message-ID: ba4a6e220810240543jd00e056pf873e0ca188d4fa0 () mail ! gmail ! com
[Download RAW message or body]

2008/10/13, Oswald Buddenhagen <ossi@kde.org>:
> On Mon, Oct 13, 2008 at 04:40:57PM +0300, George Kiagiadakis wrote:
>  > 2008/10/13 Oswald Buddenhagen <ossi@kde.org>:
>  > > - KPty should handle restoring privs for login() and dropping them again
>  > >  automatically. libkpty would have a global constructor to drop the
>  > >  privs on startup in the first place.
>  >
>  > I agree, please implement that :P
>  >
>
> ha! ;)
>  i have second thoughts on the implementation. maybe we should go for the
>  initially thought up central {drop,restore}Privileges() (in which
>  class?). if libkpty would do its own stuff, it would clash with other
>  possible users of elevated privileges.

Now that I finished fixing kwrited (it's in
kdebase/workspace/kwrited), I was thinking of a proper way to fix the
same problem in konsole. For those that didn't follow the previous
thread, the problem is that konsole does not update the utmp records
if libkpty is built without utempter support. To fix this in konsole,
we need to setuid/setgid konsole and drop/restore privileges where
appropriate, just like all other terminal applications do.

A proposed solution is this (this is more or less what Oswald
suggested above, I am just making it more clear):

1) We need at least 2 functions in kdelibs:
void dropElevatedPrivileges();
void restoreElevatedPrivileges();
(and possibly a set of query functions to see if we are running in
setuid/setgid and as which user/group, but that's not really required)
I thought that KUser might be an appropriate place for putting them in
as static functions that will only be compiled on unix. Or, if you
think KUser is not the right place, we could make a new class for that
in kdecore.

2) When konsole and kwrited start, they call dropElevatedPrivileges()
and then KPty::login() and KPty::logout() internally call restore and
drop when they need it.

3) We need a cmake macro (something like macro_kpty_apply_privileges)
to apply setuid/setgid if it is needed. Plus, we need "something" (I
don't know how this could be implemented, ideas are welcome) to detect
from cmake if libkpty requires elevated privileges or not. The current
detection is based on whether libutempter and utempter.h exist, but
that's not a nice solution because that does not imply that libkpty
was built with utempter support!

This is it. Now that I have an svn account, I am willing to fix this
if nobody else is already working on it, but I will need some feedback
for the implementation details (especially the cmake detection that I
don't know how to implement).

Regards,
George
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]