134756 – an app starting under kdesu at kde start time attaches itself to root's dcopserver.

Bug 134756 - an app starting under kdesu at kde start time attaches itself to root's dcopserver.

Summary: an app starting under kdesu at kde start time attaches itself to root's dcops...

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] KDE (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo KDE team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-05-29 05:16 UTC by brian
Modified:	2007-04-04 15:50 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
shows, I hope the effect of clicking a link in kuroo (kuroo.png,188.93 KB, image/png) 2006-05-29 05:21 UTC, brian	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description brian 2006-05-29 05:16:36 UTC

An app such as kuroo or klamav, which runs under kdesu --nonewdcop is left in the systray at logout. On next login, the app now connects with root's dcop server instead of the user's. This means that any e.g. links accessed from within the app run as root thus allowing an effective priviledge escalation beyond that needed for the app - as well as being a bloody nuisance.

Comment 1 brian 2006-05-29 05:21:06 UTC

Created attachment 87795 [details]
shows, I hope the effect of clicking a link in kuroo 

This is `dcop` as root :

possum brian # dcop
kuroo
kded
kcookiejar
klauncher
possum brian #

Comment 2 Caleb Tennis (RETIRED) gentoo-dev

2006-05-29 06:13:28 UTC

Have you reported this to the KDE folks?

Comment 3 Jakub Moc (RETIRED) gentoo-dev

2007-04-04 15:50:37 UTC

Please, report this upstream and post the URL here for tracking.

http://bugs.kde.org/