Bug 414289

Summary: KAuth helper improvements requested by the SUSE security team
Product: [Applications] systemsettings
Reporter: Fabian Vogt <fabian>
Component: kcm_sddm
Assignee: Filip Fila <filipfila.kde>
Status: CONFIRMED ---
Severity: normal
CC: nate, postix
Priority: NOR
Version First Reported In: unspecified
Target Milestone: ---
Platform: openSUSE
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Fabian Vogt 2019-11-19 09:24:09 UTC
Copy-pasting from https://bugzilla.opensuse.org/show_bug.cgi?id=1145182

a) and b) got fixed meanwhile

c) SddmAuthHelper::save() and SddmAuthHelper::installtheme() both access
  potentially user owned files (background files or theme archive files)
  without necessary protection. For example if a user downloads an image to
  /tmp then there is a danger that another user might play tricks with
  symlinks. Without `auth_admin` this would be completely unsafe.

  The only safe way to implement this would again be to drop privileges to the
  client user and safely copy the file away to some private location only
  accessible to root.

d) The README file in the repository is quite meaningless (it seems to contain
  build instructions). Installing it as part of the package makes no sense.
  Somebody could try to help upstream to add some actual documentation in
  there. This is a common theme with KDE packages that the documentation is
  lacking and this is sad.

e) The API for SddmAuthHelper::uninstalltheme is unsuitably complex. It takes
  a full path to the theme to uninstall and then the implementation tries hard
  to make sure this full path exactly points to a theme folder below
  /usr/share/sddm/themes. So the sane thing to do here would be to only expect
  the theme name to be removed, not a path in the first place.
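
Item e) above, sketched as an added example that is not part of the original report and is not the sddm-kcm code: the helper takes only a theme name, refuses anything that is not a single path component, and builds the path itself. The function names, the 255-byte limit and the rejection of backslashes are assumptions; `/usr/share/sddm/themes` is the directory named in the report and is assumed to be writable only by root.

```cpp
#include <sys/stat.h>
#include <cstdio>
#include <string>

// Themes directory named in the report; assumed writable only by root.
static const std::string kThemesDir = "/usr/share/sddm/themes";

// Hypothetical check: accept only a single path component.
bool isValidThemeName(const std::string &name) {
    if (name.empty() || name.size() > 255) return false;  // 255: assumed limit
    if (name == "." || name == "..") return false;
    for (unsigned char c : name) {
        // Reject separators (backslash conservatively) and NUL/control bytes.
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f) return false;
    }
    return true;
}

// Hypothetical resolver: map a theme name to the directory to remove.
// Returns an empty string when the name is rejected or is not a real directory.
std::string themeDirForName(const std::string &name,
                            const std::string &base = kThemesDir) {
    if (!isValidThemeName(name)) return std::string();
    const std::string path = base + "/" + name;
    struct stat st;
    // lstat() does not follow a symlink in the final component, so a link
    // sitting in the themes directory is refused rather than followed.
    if (lstat(path.c_str(), &st) != 0) return std::string();
    if (!S_ISDIR(st.st_mode)) return std::string();
    return path;
}

int main() {
    // Constructed inputs: one plain name and several path-like values.
    const char *samples[] = {"breeze", "../../etc", "a/b", "..",
                             "/usr/share/sddm/themes/breeze"};
    for (const char *s : samples) {
        const std::string dir = themeDirForName(s);
        std::printf("%-32s -> %s\n", s, dir.empty() ? "(rejected)" : dir.c_str());
    }
    return 0;
}
```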