View previous topic :: View next topic |
Author |
Message |
Belliash Advocate
Joined: 24 Nov 2004 Posts: 2503 Location: Wroclaw, Poland
|
Posted: Thu May 05, 2011 2:52 pm Post subject: [QT][KDE] /.config creation (in rootfs!) |
|
|
Hello,
I'd like to as what is able to create /.config file with Trolltech.conf file inside?
I use KDE 4.6.2 from normal user account. When i remove that directory it's newly creating after a while.
WTF? KDE launched from normal user account shouldnt have permission to write in rootfs (/)
Code: | / # pwd
/
/ # ls -a
. bin [b].config[/b] etc lib lib64 lost+found mnt proc sbin tmp var
.. boot dev home lib32 libexec media opt root sys usr
/ # cd .config
.config # ls
Trolltech.conf
|
What is doing this and how to prevent this?
Thanks! _________________ Asio Software Technologies
Belliash IT Weblog |
|
Back to top |
|
|
Belliash Advocate
Joined: 24 Nov 2004 Posts: 2503 Location: Wroclaw, Poland
|
Posted: Thu May 05, 2011 3:20 pm Post subject: |
|
|
After short discussion with UberPinguin on #gentoo-security we decided to do some testing, the result i'm writing down, to not lost that.
I have stopped xdm service and removed whole /.config directory.
Then i have logged in my account i use for every-day work and typed startx. KDE 4.6.2 has started up and /.config directory has been recreated.
Code: | / $ ls -la .config
total 12
drwxr-xr-x 2 root root 4096 May 5 17:12 .
drwxr-xr-x 22 root root 4096 May 5 17:12 ..
-rw-r--r-- 1 root root 278 May 5 17:12 Trolltech.conf |
As you can see its created in / with root:root ownership _________________ Asio Software Technologies
Belliash IT Weblog |
|
Back to top |
|
|
ComaWhite Tux's lil' helper
Joined: 07 Oct 2008 Posts: 125
|
Posted: Sat May 07, 2011 1:12 pm Post subject: |
|
|
that Trolltech file is Qt doing that, not KDE. |
|
Back to top |
|
|
Belliash Advocate
Joined: 24 Nov 2004 Posts: 2503 Location: Wroclaw, Poland
|
Posted: Sun May 08, 2011 8:54 am Post subject: |
|
|
ComaWhite wrote: | that Trolltech file is Qt doing that, not KDE. |
maybe, maybe not...
How you know?
First of all it's not created while launching every QT based software - i can login into failsafe and launch KWrite and that file wont be created.
Secondly its created during KDE startup process.
And finally - creating something in / needs root priviledges. Even if it is QT - its only library! Library not executed as stand-alone software! Library loaded by KDE with root priviledges! _________________ Asio Software Technologies
Belliash IT Weblog |
|
Back to top |
|
|
Freeky Tux's lil' helper
Joined: 11 Mar 2011 Posts: 129 Location: Novosibirsk, Russia
|
Posted: Mon May 30, 2011 3:21 am Post subject: |
|
|
ComaWhite wrote: | that Trolltech file is Qt doing that, not KDE. |
I think it is connected just with kde. Because on my laptop with lxde and qt and this file is not. |
|
Back to top |
|
|
Core n00b
Joined: 14 May 2007 Posts: 29
|
Posted: Wed Aug 03, 2011 8:24 pm Post subject: |
|
|
https://bugs.kde.org/show_bug.cgi?id=249217
Using patch from this bug, works for me:
/etc/portage/env/sys-apps/dbus
Code: | post_src_prepare() {
epatch "/etc/portage/env/sys-apps/dbus-kde-fixpath.patch"
} |
/etc/portage/env/sys-apps/dbus-kde-fixpath.patch
Code: | --- a/bus/activation-helper.c
+++ b/bus/activation-helper.c
@@ -344,6 +344,8 @@ switch_user (char *user, DBusError *error)
"cannot setuid user %i", pw->pw_uid);
return FALSE;
}
+
+ _dbus_setenv ("HOME", pw->pw_dir);
#endif
return TRUE;
} |
|
|
Back to top |
|
|
046 Apprentice
Joined: 21 Jul 2004 Posts: 231 Location: Yaroslavl, Russia
|
|
Back to top |
|
|
|