Author Topic: <Explained> KDE not obeying permissions (Read 697 times)

kjpetrie · « **on:** May 21, 2010, 04:02:23 PM »

I have a problem with KDE not obeying, or even circumventing, permissions.

If I open a terminal, su to root, and type "chmod 700 /usr/bin/kwrite" and then confirm with an "ls -l" that the permission has been changed, I can still launch kwrite from the menu. The same applies to kmix and konqueror, but not to gimp, so it looks as if it's KDE native applications which are affected.

Have I got a problem on my system (well, yes I have) or is this happening to others as well?

The applications so launched aren't run as root - ie I can't open files such as menu.lst with kwrite, so it's not necessarily exploitable, but it does prevent administrators controlling who can run what.

Bald Brick · « **Reply #1 on:** May 21, 2010, 07:33:35 PM »

Quote from: kjpetrie on May 21, 2010, 04:02:23 PM

is this happening to others as well?

It is.

muungwana · « **Reply #2 on:** May 21, 2010, 07:50:20 PM »

kwrite doesnt start from the terminal but it does from the menu ..strange ..

i compile kde4 from source so this behavior isnt specific to pclinuxos

Rudge · « **Reply #3 on:** May 21, 2010, 09:52:46 PM »

Quote from: kjpetrie on May 21, 2010, 04:02:23 PM

I have a problem with KDE not obeying, or even circumventing, permissions.

If I open a terminal, su to root, and type "chmod 700 /usr/bin/kwrite" and then confirm with an "ls -l" that the permission has been changed, I can still launch kwrite from the menu. The same applies to kmix and konqueror, but not to gimp, so it looks as if it's KDE native applications which are affected.

Have I got a problem on my system (well, yes I have) or is this happening to others as well?

The applications so launched aren't run as root - ie I can't open files such as menu.lst with kwrite, so it's not necessarily exploitable, but it does prevent administrators controlling who can run what.

You are changing the permissions on the wrong file. Linux obeys permissions and KDE will have to behave as well. If KDE is still able to launch the app you will have to reconsider which file KDE is launching. If a script logs on as root, it will run as root.
I am just babbling so ignore me. lol

aherkey · « **Reply #4 on:** May 21, 2010, 10:57:49 PM »

You have to understand how KDE starts programs. Basically for KDE programs KDE uses kdeinit4 to launch them. It doesn't use the files in /usr/bin instead it uses the files in /usr/lib. You will see them listed as libkdeinit4_XXXXX.so where XXXXX is the program name.

The KDE binaries in /usr/bin are launchers that open libkdeinit4_XXXXX.so, so other DM's can run them. You can even remove /usr/bin/kwrite and KDE will still start it.

If you change permissions on /usr/lib/libkdeinit4_kwrite.so to 700 KDE won't be able to start kwrite as a normal user.

Please note that this is a simplistic description of how this works.

- Andy

kjpetrie · « **Reply #5 on:** May 22, 2010, 09:40:13 AM »

Thanks. It's good to know there's nothing to panic about here!

PCLinuxOS-Forums

News:

Author Topic: <Explained> KDE not obeying permissions (Read 697 times)

kjpetrie

<Explained> KDE not obeying permissions

Bald Brick

Re: KDE not obeying permissions

muungwana

Re: KDE not obeying permissions

Rudge

Re: KDE not obeying permissions

aherkey

Re: KDE not obeying permissions

kjpetrie

Re: <Explained> KDE not obeying permissions