KAuth support in KIO is currently disabled due to the following security issues:
- 1. The privilege is persistent for the entire session.
- 2. The confirmation prompt for the KAuth action does not say what is going to happen, so you might open a file dialog and then, instead of opening a file, write to /bin/sh.
- 3. Trivial stack-based buffer overflow in the kauth helper: https://cgit.kde.org/kio.git/tree/src/ioslaves/file/sharefd_p.h#n57
- 4. The socket used to send and receive file descriptors does not have any kind of permission check.
- 5. Having KIO::Job show a prompt achieves nothing. An application can easily bypass it.
Try to revoke the slave's authorization and, if that is unsuccessful, delete the slave in klauncher.
D10818 D10822 D10437: Store authorization status
D10820 : Send authorization status
D10641 : Revoke authorization
D10824 : Delete slave if revoking wasn't done or unsuccessful
Maybe a "Details" button in the prompt will solve it. Still need more info.
Don't use strcpy.
D10273 : Create proper socket address structure
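For issue 3 and the "Don't use strcpy" note above, an added example (not code from KIO or from the linked revisions) of filling a `sockaddr_un` with an explicit length check instead of an unbounded copy. The helper names `makeUnixAddress` and `bindUnixSocket` are hypothetical, and a filesystem socket path is assumed.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstring>
#include <string>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

// Hypothetical helper, not KIO API. Returns 0 and sets *len, or an errno value.
// Unlike strcpy(addr.sun_path, path), it never writes past sun_path.
int makeUnixAddress(const std::string &path, sockaddr_un *addr, socklen_t *len)
{
    std::memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    // Empty names and embedded NULs would not name the socket the caller meant.
    if (path.empty() || path.find('\0') != std::string::npos)
        return EINVAL;
    // Keep one byte for the terminating NUL left by memset.
    if (path.size() >= sizeof(addr->sun_path))
        return ENAMETOOLONG;
    std::memcpy(addr->sun_path, path.data(), path.size());
    *len = static_cast<socklen_t>(offsetof(sockaddr_un, sun_path) + path.size() + 1);
    return 0;
}

// Hypothetical caller: returns a bound fd, or -errno on failure.
int bindUnixSocket(const std::string &path)
{
    sockaddr_un addr;
    socklen_t len = 0;
    const int err = makeUnixAddress(path, &addr, &len);
    if (err != 0)
        return -err; // rejected before any socket is created
    const int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (bind(fd, reinterpret_cast<sockaddr *>(&addr), len) < 0) {
        const int saved = errno;
        close(fd);
        return -saved;
    }
    return fd;
}

int main()
{
    // Constructed oversized input: rejected with -ENAMETOOLONG, no overflow.
    return bindUnixSocket(std::string(200, 'A')) == -ENAMETOOLONG ? 0 : 1;
}
```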
Some problems with ktexteditor's privilege escalation, and possible improvements, are mentioned here:
Listed below are some of those improvements that (I think) should be made in KIO as well:
- 6. Improve message in polkit prompt (issue no. 2). BTW how do I fix this?
- 7. Don't elevate privilege if the directory is read-only and the user is the owner.
- 8. If the owner of the target directory is not root, then drop privileges (rejecting the whole operation might be impractical).