Now that the helper actually works it makes no sense to have it hidden behind an option
Details
Details
Diff Detail
Diff Detail
- Repository
- R467 K3b
- Branch
- master
- Lint
No Linters Available - Unit
No Unit Test Coverage - Build Status
Buildable 10280 Build 10298: arc lint + arc unit
Comment Actions
Adding security team so we can have a second set of eyes on the helper, i couldn't find anything obviously wrong, but you know how auth helpers are :)
Comment Actions
Adding security team so we can have a second set of eyes on the helper, i couldn't find anything obviously wrong, but you know how auth helpers are :)
The helper allows to set arbitrary files setuid and adding arbitrary users to arbitrary groups - that's way too much.
Comment Actions
the setuid changes seem relatively easy to narrow down, as far as i can see it'll only ever try to do it over "cdrecord" "cdrdao" "growisofs", so we can make the helper bail out on other binaries
The group thing is harder to narrow down, i guess for the "group to be added" we could try to do
QList<Device::Device*> devices = m_deviceManager->allDevices();
QFileInfo fileInfo( devices.front()->blockDeviceName() );
m_deviceGroup = fileInfo.group();like the code does, but that means bringing the devicemanager code over to the helper, which i'm not sure if that's a great idea.
About the user that will get added to such group, i don't see a way to narrow that down.
Do you have any ideas?