List: kde-devel
Subject: kdelibs & setuid root programs
From: Harri Porten <porten () tu-harburg ! de>
Date: 1998-10-31 17:40:55

Hi!

There are three "issues" I want to address that turn up when using
setuid root programs with the KDE libraries:

1.) KApplication::init() uses mkdir() to create ~/.kde/share/config
_without_ making them belong to the real user and group id. (This topic
was brought up a few months ago but hasn't been solved yet.)

2.) KConfig::writeConfigFile(): newly created config files will belong
to root, i.e. the user won't be able to edit/delete his private config
files.

3.) $HOME: the member functions cited above both rely on $HOME to
determine ~/.kde. Of course, it's the author's duty to prevent any
damage caused by manipulated environment variables, but I strongly
suggest that these functions should at least check whether they're
trying to write to a directory owned by the user or someone else.

Thanks,

Harri.
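
Added example, not part of the original message and not kdelibs code: one way a setuid root program could create a per-user directory so that it belongs to the real uid/gid (issue 1) and refuse a directory that is a symlink or is owned by someone else (issue 3). The function names dir_owned_by() and make_user_dir() are hypothetical; the same fstat()/fchown() pattern on an open descriptor applies to newly created config files (issue 2).

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if path is a real directory (not a symlink)
 * owned by uid, else 0. lstat() is used so a symlink is never followed. */
int dir_owned_by(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == uid;
}

/* Hypothetical helper: create path if missing and make it belong to the
 * real uid/gid. Returns 0 on success; -1 on error, on a symlink, or when
 * an already existing directory is owned by someone other than the real user. */
int make_user_dir(const char *path, mode_t mode)
{
    struct stat st;
    int created = 1, rc = -1;

    if (mkdir(path, mode) != 0) {
        if (errno != EEXIST)
            return -1;
        created = 0;
    }
    /* Work on a descriptor so the object checked is the object changed. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0) {
        if (st.st_uid == getuid())
            rc = 0;                    /* already the real user's directory */
        else if (created)              /* made with euid 0: hand it over */
            rc = fchown(fd, getuid(), getgid());
    }
    close(fd);
    return rc;
}
```

When the path is derived from $HOME, each component would be created and checked this way in turn, for example ~/.kde, then ~/.kde/share, then ~/.kde/share/config.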