Hole in the KDE desktop

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Mon, 05 May 1997 19:47:35 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: fflush: "A vulnerability in Lynx (all versions)"
Previous message: Larry Schwimmer: "Re: A bug in Elm"

KDE is a sort of neat desktop built on the Qt widget class (see
http://www.kde.org). A word of warning to anyone running it however - the
file manager talks to the other modules over a basically unsecured TCP
socket. You can ask it to copy files and all sorts of lovely stuff.
Fortunately its not got any obvious major features (the file copy for example
is to their local disk). However if you can get a file onto their box (eg
into their anonymous ftp area) you can ask kfm to copy it to ~user/.rhosts

The fix appears to be to make the KDE software communicate over an AF_UNIX
socket and set file permissions appropriately on the socket name. This
requires you rebuild a fair chunk of the KDE software but the end result
seems to work as well as before.

I've tried reporting bugs to the KDE authors, all I got was abuse so I'll
log it here instead in the hope someone sensible from the KDE project reads
this.

Alan

Next message: fflush: "A vulnerability in Lynx (all versions)"
Previous message: Larry Schwimmer: "Re: A bug in Elm"