Web lists-archives.com

Re: [QUESTION] KIO slave-socket shortcut - does it exist?




>You can bypass klauncher/kdeinit by exporting the KDE_FORK_SLAVES
>environment variable set to 1. Then the applications will spawn the
>ioslave process on their own.
>
>Not sure if this actually helps you, though.

Thanks for the pointer to KDE_FORK_SLAVES, it is heading in the right
direction and actually seems to solve a number of other issues with
sandboxing KDE apps.

I feel I should explain my use case a bit better: Imagine a sandboxed
app with limited access to system resources.... and someone with bad
intentions controlling this app and trying to escape the sandbox.
There are well-known ways to escape from a sandbox, like X11 and D-Bus
sockets, but KDE has interesting additional challenges. One is the
kdeinit socket, and slave sockets are *potentially* another. My
concern is a sandboxed app that somehow manages to control a KIO slave
running outside the sandbox. A sysadmin could probably address this by
setting KDE_FORK_SLAVES for all programs globally... unfortunately it
won't work if the sandbox tries to do something similar.