Bug 359621

Summary: Unneeded setgid requirement
Product: [Frameworks and Libraries] frameworks-kdesu
Reporter: Maximiliano Curia <maxy>
Component: general
Assignee: kdelibs bugs <kdelibs-bugs>
Status: REPORTED ---
Severity: normal
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Debian unstable
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Maximiliano Curia 2016-02-21 07:34:44 UTC
Hi,

The kdesu framework currently requires the kdesud to be setgid. The documentation about this requirement says (client.h):
 The daemon should be installed setgid nogroup, in order to be able to act as an inaccessible,
 trusted 3rd party.

Even the check for the daemon file to be setgid is part of the public API of the kdesu framework:
class KDESU_EXPORT KDEsuClient
{
public:
 ...
 bool isServerSGID();
...

But, AFAICS, this provides no additional "security". In fact, it would be better if the check were "make sure the daemon is not setuid", or if it denies ptrace.

Afaik, having the setgid in place only serves as a way to change the effective primary group, which will be used for files created by this process.

Unless there is a real reason for this requirement, please drop it.

Happy hacking,

Reproducible: Always
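
The two alternative checks named in the report above (daemon binary is not setuid; process denies ptrace), written out as an added example that is not kdesu code and not part of the original report. It assumes Linux and uses prctl(PR_SET_DUMPABLE) as the ptrace-denial mechanism; DaemonAudit, classify_mode, audit_path and deny_ptrace are hypothetical names.

```cpp
// Added example, not kdesu code. All names here are hypothetical; Linux assumed.
#include <sys/prctl.h>
#include <sys/stat.h>
#include <cstdio>

struct DaemonAudit {
    bool ok;      // stat() succeeded and the path is a regular file
    bool setuid;  // S_ISUID set: the daemon would run with the file owner's uid
    bool setgid;  // S_ISGID set: the bit the existing setgid check looks for
};

// Pure check on a mode word, so it can be exercised without touching disk.
DaemonAudit classify_mode(mode_t mode) {
    DaemonAudit a{};
    a.ok = S_ISREG(mode);
    a.setuid = (mode & S_ISUID) != 0;
    a.setgid = (mode & S_ISGID) != 0;
    return a;
}

// stat() follows symlinks, so the bits reported are those of the real binary.
DaemonAudit audit_path(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return DaemonAudit{};
    return classify_mode(st.st_mode);
}

// Make the calling process non-dumpable: no core dumps, and an unprivileged
// process of the same user can no longer attach with ptrace (see ptrace(2)).
// The kernel also resets this flag to the fs.suid_dumpable value when a
// set-user-ID or set-group-ID program is executed (see prctl(2)).
bool deny_ptrace() {
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return false;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0;
}

int main(int argc, char **argv) {
    // With no argument the program audits its own binary.
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    DaemonAudit a = audit_path(path);
    if (!a.ok) { std::fprintf(stderr, "%s: not a regular file\n", path); return 2; }
    std::printf("%s: setuid=%d setgid=%d\n", path, a.setuid, a.setgid);
    bool hardened = deny_ptrace();
    std::printf("ptrace by same-uid processes denied: %s\n", hardened ? "yes" : "no");
    return (a.setuid || !hardened) ? 1 : 0;  // fail on setuid or if still dumpable
}
```
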
Comment 1 Justin Zobel 2021-03-09 05:54:12 UTC
Thank you for the bug report.

As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists.

If this bug is no longer persisting or relevant, please change the status to resolved.