DevHeads.net

KIO slave-socket shortcut - does it exist?

KIO works.

My current level of understanding is that apps ask klauncher/kdeinit for a
KIO slave if they need one. Then either kdeinit spawns a new slave process,
or there is already an idle slave and it is reused. Idle slaves kill
themselves after a couple of minutes if no request is coming in.
Communication between the slave and the app happens via a socket, usually
found in /run/user/$UID.

The question is if, or rather when, it is possible to shortcut this
process. Do slaves, especially idle ones, accept commands issued by third
programs via these sockets? Try to take the perspective of an evil-minded
adversary.

Thank you very much!

Comments

Re: KIO slave-socket shortcut - does it exist?

By Albert Astals Cid at 12/04/2018 - 17:26

On Tuesday, 4 December 2018, at 16:37:34 CET, Smits Katze wrote:
Do you mean this as a security issue?

Albert

Re: KIO slave-socket shortcut - does it exist?

By Elvis Angelaccio at 12/04/2018 - 16:40

On 04/12/18 16:37, Smits Katze wrote:
You can bypass klauncher/kdeinit by exporting the KDE_FORK_SLAVES
environment variable set to 1. Then the applications will spawn the
ioslave process on their own.

Not sure if this actually helps you, though.

Cheers,
Elvis

Re: KIO slave-socket shortcut - does it exist?

By Smits Katze at 12/04/2018 - 20:41

Thanks for the pointer to KDE_FORK_SLAVES, it is heading in the right
direction and actually seems to solve a number of other issues with
sandboxing KDE apps.

I feel I should explain my use case a bit better: Imagine a sandboxed
app with limited access to system resources... and someone with bad
intentions controlling this app and trying to escape the sandbox.
There are well-known ways to escape from a sandbox, like X11 and D-Bus
sockets, but KDE has interesting additional challenges. One is the
kdeinit socket, and slave sockets are *potentially* another. My
concern is a sandboxed app that somehow manages to control a KIO slave
running outside the sandbox. A sysadmin could probably address this by
setting KDE_FORK_SLAVES for all programs globally... unfortunately it
won't work if the sandbox tries to do something similar.
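
For the sandboxing concern in the post above, a sandbox author can first inventory which socket files sit in the runtime directory and which of them a given set of shared paths would expose. This is an added example, not code from the thread or from KDE; the function names, the socket names in `demo()` and the shared-path list are assumptions, and only filesystem sockets are covered (abstract sockets are not).

```python
import os
import socket
import stat
import tempfile


def list_unix_sockets(runtime_dir):
    """Return sorted (path, owner_uid, mode) for each socket file below runtime_dir."""
    found = []
    for root, _dirs, files in os.walk(runtime_dir):
        for name in files:  # os.walk lists sockets among the non-directories
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished between listing and stat
            if stat.S_ISSOCK(st.st_mode):
                found.append((path, st.st_uid, stat.S_IMODE(st.st_mode)))
    return sorted(found)


def reachable_in_sandbox(sockets, shared_paths):
    """Sockets located at or below a host path that the sandbox shares."""
    shared = [os.path.realpath(p) for p in shared_paths]
    hits = []
    for path, _uid, _mode in sockets:
        real = os.path.realpath(path)
        if any(real == s or real.startswith(s + os.sep) for s in shared):
            hits.append(path)
    return hits


def demo():
    """Constructed layout: a temp dir stands in for /run/user/$UID."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "app"))
    for rel in ("example-slave-socket", "app/private-socket"):  # made-up names
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(os.path.join(base, rel))
        srv.close()  # the socket file stays on disk after close
    open(os.path.join(base, "not-a-socket"), "w").close()
    return base, list_unix_sockets(base)


if __name__ == "__main__":
    runtime = os.environ.get("XDG_RUNTIME_DIR", f"/run/user/{os.getuid()}")
    socks = list_unix_sockets(runtime)
    for path, uid, mode in socks:
        print(f"{path} uid={uid} mode={mode:04o}")
    # Assumption: the sandbox shares the whole runtime dir; edit to match yours.
    print(len(reachable_in_sandbox(socks, [runtime])), "socket(s) visible inside")
```

Any socket the second function reports is one the sandboxed process can connect to, so the shared-path list is the thing to narrow.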

Re: KIO slave-socket shortcut - does it exist?

By Smits Katze at 12/05/2018 - 05:44

I'm trying to get the sandbox right for KDE apps. And I found it to be
not so trivial, that's why I'm here :)