KAuth support in KIO is currently disabled due to following security issues:
- 1. The privilege is persistent for the entire session.
- 2. The confirmation prompt for the kauth action use does not tell what is going to happen. So you might open a file dialog and then instead of opening a file, write to /bin/sh.
- 3. Trivial stack-based buffer overflow in the kauth helper: https://cgit.kde.org/kio.git/tree/src/ioslaves/file/sharefd_p.h#n57
- 4. The socket used to send and receive file descriptors does not have any kind of permission check.
- 5. Having KIO::Job show a prompt achieves nothing. An application can easily bypass it.
Try to revoke authorization of slave and if unsuccessful delete the slave in klauncher.
D10818 D10822 D10437: Store authorization status
D10820 : Send authorization status
D10641 : Revoke authorization
D10824 : Delete slave if revoking wasn't done or unsuccessful
Don't use strcpy.
D10273 : Create proper socket address structure
Some problems with ktexteditor's privilege escalation, and possible improvements are mentioned here:
Listed below are some of those improvements that (I think) should be made in KIO as well: