https://bugzilla.novell.com/show_bug.cgi?id=864716

https://bugzilla.novell.com/show_bug.cgi?id=864716#c14

--- Comment #14 from Sebastian Krahmer <krahmer@suse.com> 2014-03-26 07:05:42 UTC ---

Thanks for your efforts. I don't think using uid is the right way for the framework to check authorizations.

Consider the org.kde.fontinst.service DBUS service, which is activated on behalf of a user's request as a root service. It will therefore run with uid 0, even if triggered by a user. For now it is just using the pid of the user requesting the service. That's racy and the thing we want to fix.

Your patch proposal also integrates the uid, but I fear that's the uid of the currently running process (root == 0). From the small patch I cannot see where the uid is coming from. If that would be the uid of the requesting user, that would be fine (although not perfect if suid helpers request DBUS services).

The preferred way is to use system-bus-name polkit authorization. polkit-qt bindings seem to offer the SystemBusNameSubject class already, so is it possible to use that in KAuth rather than UnixProcess subjects?
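
The difference between the two subject types, as an added sketch that is not part of the original comment and is not KAuth, polkit-qt or polkit code: a simplified Python model in which a pid-keyed lookup resolves whoever holds the pid at check time, while a bus-name lookup resolves the connection that sent the request and fails closed once that connection is gone. The class names, pid and uid values are constructed for illustration.

```python
"""Simplified model (not polkit or KAuth code) of two ways a root helper can
identify its caller: by pid (unix-process) or by D-Bus unique name."""
import itertools


class Kernel:
    """Process table in which a freed pid may be handed to a new process."""
    def __init__(self):
        self.procs = {}                      # pid -> uid

    def spawn(self, pid, uid):
        self.procs[pid] = uid

    def exit(self, pid):
        del self.procs[pid]


class Bus:
    """The bus daemon records peer credentials when a client connects and
    never hands out the same unique name twice."""
    def __init__(self):
        self._serial = itertools.count(1)
        self.conns = {}                      # unique name -> uid at connect

    def connect(self, kernel, pid):
        name = f":1.{next(self._serial)}"
        self.conns[name] = kernel.procs[pid]
        return name

    def disconnect(self, name):
        del self.conns[name]


def uid_for_pid(kernel, pid):
    """unix-process style: resolves whoever owns the pid *now*."""
    return kernel.procs.get(pid)


def uid_for_bus_name(bus, name):
    """system-bus-name style: resolves the connection that sent the request."""
    return bus.conns.get(name)


def scenario():
    kernel, bus = Kernel(), Bus()
    kernel.spawn(4242, 1000)                 # constructed pid/uid: the caller
    sender = bus.connect(kernel, 4242)
    request = {"pid": 4242, "sender": sender}
    # Before the helper runs its check, the caller's connection and process
    # go away and the pid is recycled for a different, root-owned process.
    bus.disconnect(sender)
    kernel.exit(4242)
    kernel.spawn(4242, 0)
    return uid_for_pid(kernel, request["pid"]), uid_for_bus_name(bus, request["sender"])
```

In this model the pid lookup returns uid 0 for a request that came from uid 1000, while the bus-name lookup returns nothing, so a helper keyed on the bus name would deny the request instead of evaluating the wrong identity.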