oss-sec mailing list archives
Re: KAuth security issues
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 26 Mar 2014 08:56:51 +0100
On 03/26/2014 08:10 AM, Sebastian Krahmer wrote:
I love to talk to myself, in particular via mailing lists. This issue seems to be addressed meanwhile via https://git.reviewboard.kde.org/r/117056/ by fixing the underlying polkit qt binding.
Is the proposed change really correct? It uses getuid() as the subject, which looks wrong if you want to use this wrapper to check the capabilities of a D-Bus peer.
-- Florian Weimer / Red Hat Product Security Team
Current thread:
- KAuth security issues Sebastian Krahmer (Mar 24)
- Re: KAuth security issues Sebastian Krahmer (Mar 26)
- Re: KAuth security issues Florian Weimer (Mar 26)
- Re: KAuth security issues Sebastian Krahmer (Mar 26)
- Re: KAuth security issues Florian Weimer (Mar 26)
- Re: KAuth security issues Sebastian Krahmer (Mar 26)