Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 134756

Summary: an app starting under kdesu at kde start time attaches itself to root's dcopserver.
Product: Gentoo Linux Reporter: brian
Component: [OLD] KDEAssignee: Gentoo KDE team <kde>
Status: RESOLVED UPSTREAM    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: shows, I hope the effect of clicking a link in kuroo

Description brian 2006-05-29 05:16:36 UTC
An app such as kuroo or klamav, which runs under kdesu --nonewdcop is left in the systray at logout. On next login, the app now connects with root's dcop server instead of the user's. This means that any e.g. links accessed from within the app run as root thus allowing an effective priviledge escalation beyond that needed for the app - as well as being a bloody nuisance.
Comment 1 brian 2006-05-29 05:21:06 UTC
Created attachment 87795 [details]
shows, I hope the effect of clicking a link in kuroo 

This is `dcop` as root :

possum brian # dcop
kuroo
kded
kcookiejar
klauncher
possum brian #
Comment 2 Caleb Tennis (RETIRED) gentoo-dev 2006-05-29 06:13:28 UTC
Have you reported this to the KDE folks?
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2007-04-04 15:50:37 UTC
Please, report this upstream and post the URL here for tracking.

http://bugs.kde.org/