[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-frameworks-devel
Subject:    Call for help: possible race conditions in KAuth
From:       Luca Beltrame <lbeltrame () kde ! org>
Date:       2014-07-16 14:15:02
Message-ID: 2893609.RNWn4KNMpI () giskard
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


When submitting KAuth to openSUSE, the SUSE security team found possible race 
conditions that could lead to security issues[1]-

I'm writing here because until these issues are solved, KAuth will not be 
accepted into openSUSE. 

The second reason I'm posting this here is because it seems people involved 
with KAuth are not reachable:

- security@ko was contacted without an answer;
- other KDE people including drf were contacted without a response;

Some discussion was raised with Martin Briza (CC'ed just in case, so he may 
provide some insight, at least) with regards to polkit-qt-1 issues which were 
(to my understanding) fixed. 

I can say I cannot fix this at all (I can write C++, but I have neither the 
skill nor the time to fix what's needed here), and therefore this is a cry for 
help to see at least the identification of the issue and a fix or workaround, 
or just an explanation why this is not an issue.

I think this is quite important as KAuth is a security-related framework. 

[1] https://bugzilla.novell.com/show_bug.cgi?id=864716#c41

-- 
Luca Beltrame - KDE Forums team
KDE Science supporter
GPG key ID: 6E1A4E79
["signature.asc" (application/pgp-signature)]

_______________________________________________
Kde-frameworks-devel mailing list
Kde-frameworks-devel@kde.org
https://mail.kde.org/mailman/listinfo/kde-frameworks-devel


[prev in list] [next in list] [prev in thread] [next in thread]