From: Luca Beltrame
Date: Wed, 16 Jul 2014 14:15:02 +0000
To: kde-frameworks-devel
Subject: Call for help: possible race conditions in KAuth
Message-Id: <2893609.RNWn4KNMpI () giskard>
X-MARC-Message: https://marc.info/?l=kde-frameworks-devel&m=140552012224337

When submitting KAuth to openSUSE, the SUSE security team found possible race
conditions that could lead to security issues[1].

I'm writing here because until these issues are solved, KAuth will not be
accepted into openSUSE.

The second reason I'm posting this here is because it seems people involved
with KAuth are not reachable:

- security@ko was contacted without an answer;
- other KDE people including drf were contacted without a response;

Some discussion was raised with Martin Briza (CC'ed just in case, so he may
provide some insight, at least) with regards to polkit-qt-1 issues which were
(to my understanding) fixed.

I can say I cannot fix this at all (I can write C++, but I have neither the
skill nor the time to fix what's needed here), and therefore this is a cry for
help to see at least the identification of the issue and a fix or workaround,
or just an explanation why this is not an issue.

I think this is quite important as KAuth is a security-related framework.

[1] https://bugzilla.novell.com/show_bug.cgi?id=864716#c41

-- 
Luca Beltrame - KDE Forums team
KDE Science supporter
GPG key ID: 6E1A4E79