Web lists-archives.com

Re: [QUESTION] KIO slave-socket shortcut - does it exist?




El dimarts, 4 de desembre de 2018, a les 16:37:34 CET, Smits Katze va escriure:
> Background: I want to sandbox KDE apps and need to understand better how
> KIO works.
> 
> My current level of understanding is that apps ask klauncher/kdeinit for a
> KIO slave if they need one. Then either kdeinit spawns a new slave process,
> or there is already an idle slave and it is reused. Idle slaves kill
> themselves after a couple of minutes if no request is coming in.
> Communication between the slave and the app happens via a socket, usually
> to find in /run/user/$UID.
> 
> The question is if, or rather when, it is possible to shortcut this
> process. Do slaves, especially idle ones, accept commands issued by third
> programs via these sockets? Try to take the perspective of an evil-minded
> adversary.

Do you mean this as a security issue?

Albert

> 
> Thank you very much!
>