https://bugzilla.novell.com/show_bug.cgi?id=864716
https://bugzilla.novell.com/show_bug.cgi?id=864716#c12
--- Comment #12 from Raymond Wooninck tittiatcoke@gmail.com 2014-03-25 15:05:31 UTC ---
@Sebastian,
As far as I know, getuid() gives me the user of the current process. The call to PolkitQt1::UnixProcessSubject subject(pid) comes from within KAuth, where KAuth tries to validate if the user/process is authorized to perform that action and return that value back to the calling program. So I am not sure how this would fit in a DBUS activation as root?
This would mean that the program is running under root and then KAuth will indicate that the user is authorized. I just followed the same approach that Red Hat did for the spicy-gtk library, so I guess that I am missing the point. Or I am a little bit too naive.
@Hrvoje. This issue came up when asking for a security review for smb4k, where Sebastian mentioned that KDE upstream is not following up on security issues. That is where I picked this up and tried to come up with an acceptable solution. The patch was reviewed (https://git.reviewboard.kde.org/r/117056/) and I got a Ship It! for it so that it gets fixed for KDE4.