KAuth support in KIO is currently disabled due to the following security issues:
[x] 1. The privilege is persistent for the entire session.
[] 2. The confirmation prompt for the KAuth action does not say what is going to happen. So you might open a file dialog and then, instead of opening a file, write to /bin/sh.
[x] 3. Trivial stack-based buffer overflow in the kauth helper:
https://cgit.kde.org/kio.git/tree/src/ioslaves/file/sharefd_p.h#n57
[x] 4. The socket used to send and receive file descriptors does not have any kind of permission check.
[x] 5. Having KIO::Job show a prompt achieves nothing. An application can easily bypass it.
Possible solutions:
**Issue 1**
Try to revoke the slave's authorization and, if unsuccessful, delete the slave in klauncher.
D10818 D10822 D10437: Store authorization status
D10820 : Send authorization status
D10641 : Revoke authorization
D10824 : Delete slave if revoking wasn't done or unsuccessful
**Issue 2**
D21782 D21783
**Issue 3**
Don't use strcpy.
D10273 : Create proper socket address structure
**Issue 4**
Create the socket in the user's runtime directory and accept file descriptors only from a root process.
D10410 : Secure socket to app connection
D10409 D10411 : Secures app to socket connection
**Issue 5**
Show the prompt from the slave's side.
D10567 D10568 : Handle prompt in KIO slave
Edit:
Some problems with ktexteditor's privilege escalation and possible improvements are mentioned here:
https://bugzilla.suse.com/show_bug.cgi?id=1033055#c13
Listed below are some of those improvements that (I think) should be made in KIO as well:
[] 6. Improve message in polkit prompt (issue no. 2). BTW how do I fix this?
[] 7. Don't elevate privilege if the directory is read-only and the user is the owner. D14464
[] 8. If the owner of the target directory is not root then drop privileges (rejecting the whole operation might be impractical). D14467
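
For issues 3 and 4 above, the following added example (not KIO's code and not taken from the listed revisions) shows a length-checked way to fill a `sockaddr_un` instead of using `strcpy`, and a kernel-backed check of the peer's uid on a connected Unix socket. The function names and the sample socket path are hypothetical, and `SO_PEERCRED` is Linux-specific.

```cpp
// Added example: not KIO's code. Function names and the sample path are hypothetical.
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <cerrno>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Fill `addr` for a filesystem-path AF_UNIX socket. Returns false (errno set)
// instead of writing past sun_path, which an unchecked strcpy would do.
bool make_unix_addr(const char *path, sockaddr_un *addr, socklen_t *len)
{
    const size_t n = std::strlen(path);
    if (n == 0 || n >= sizeof(addr->sun_path)) {  // must leave room for the NUL
        errno = n ? ENAMETOOLONG : EINVAL;
        return false;
    }
    std::memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    std::memcpy(addr->sun_path, path, n);          // NUL terminator comes from memset
    *len = static_cast<socklen_t>(offsetof(sockaddr_un, sun_path) + n + 1);
    return true;
}

// True only if the kernel reports that the peer of connected socket `fd`
// has uid `expected` (0 when only a root process may send descriptors).
bool peer_has_uid(int fd, uid_t expected)
{
    struct ucred cred{};
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 || len != sizeof(cred))
        return false;                              // fail closed on any error
    return cred.uid == expected;
}

int main()
{
    sockaddr_un addr;
    socklen_t len = 0;
    // Constructed sample path under a user's runtime directory.
    std::printf("path accepted: %d\n", make_unix_addr("/run/user/1000/example.sock", &addr, &len));
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0) {
        std::printf("peer is root: %d\n", peer_has_uid(sv[0], 0));
        close(sv[0]); close(sv[1]);
    }
    return 0;
}
```

The credential check has to happen on the connected socket before any descriptor received over it is used; the directory permissions of the runtime directory only limit who can connect, not who is on the other end.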