https://bugzilla.novell.com/show_bug.cgi?id=864716
https://bugzilla.novell.com/show_bug.cgi?id=864716#c12
--- Comment #12 from Raymond Wooninck 2014-03-25 15:05:31 UTC ---
@Sebastian,
As far as I know getuid() gives me the user of the current process. The call to
PolkitQt1::UnixProcessSubject subject(pid) comes from within KAuth where KAuth
tries to validate if the user/process is authorized to perform that action and
return that value back to the calling program. So I am not sure how this would
fit in a DBUS activation as root ?
This would mean that the program is running under root and then KAuth will
indicate that the user is authorized. I just followed the same approach as that
Red Hat did for the spicy-gtk library, so I guess that I am missing the point.
Or I am a little bit too naive.
@Hrvoje. This issue came up when asking for a security review for smb4k, where
Sebastian mentioned that KDE upstream is not following up on security issues.
That is where I picked this up and tried to come up with an acceptable
solution. The patch was reviewed (https://git.reviewboard.kde.org/r/117056/)
and I got a Ship It! for it so that it gets fixed for KDE4
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.