https://bugzilla.novell.com/show_bug.cgi?id=864716

https://bugzilla.novell.com/show_bug.cgi?id=864716#c15

--- Comment #15 from Raymond Wooninck <tittiatcoke@gmail.com> 2014-03-26 08:46:51 UTC ---

Sebastian,

uid comes from the following routine:

    qint64 UnixProcessSubject::uid() const
    {
        return polkit_unix_user_get_uid((PolkitUnixUser *) subject());
    }

At this moment KDE is undergoing a heavy transformation into the KDE Frameworks and maybe we can get the changes for KAuth done there. However this will not resolve the KDE4 stuff. Therefore we are trying to make just small changes in order to make things work. And let's be fair, this has been working for the last years without major concerns until you discovered the racy condition. So we are trying to accommodate this and using the new method to resolve the racy condition.

I don't see this rewrite for KAuth happening for KDE4 and my assumption is that openSUSE stands alone in this and as openSUSE doesn't deliver any developer resources to KDE, I guess we have to wait until it becomes an issue within Fedora/Red Hat.

So in my opinion we have the following choices:

1) We leave things as they are and accept the racy condition for KDE
2) We adjust polkit-qt-1 to move away from the deprecated method and using the new one that prevents the racy condition, but is still PID based.
3) Neither of the above is accepted, which would mean that KDE is a security risk and it is then up to the security team to decide whether or not KDE should be removed from Factory.

Maybe black and white, but these are the choices I see at the moment for KDE4 in openSUSE.

I will test Hrvoje's patch today to see if this one works as expected and then I will submit it for review to KDE Upstream. And this is the best that I can do at the moment.