KDE and security
When logging in to KDE a file .DCOPserver_hostname__0 is created in the home
directory and a symlink named .DCOPserver_hostname_:0 is created to point to
it.
There are several other files that have been used by different versions of
KDE; there was .MCOP-random-seed, and there were a few others.
I think that these files should be created in a subdirectory so that they can
be easily tracked, controlled, and removed when not needed.
One problem I am currently dealing with is that I want to run games under a
different context that is denied read access to regular files (so a game
can't send my private data over the net if cracked) and given read-only
access to its config files.
I've currently got my ~/.qt and ~/.kde directories set to the type
user_games_ro_t so that games can read them but not write them (and regular
processes can write them). However the games still need access to
/tmp/.ICE-unix (which is a bad idea anyway for security reasons),
~/.DCOPserver_hostname__0, and /tmp/ksocket-user.
For /tmp/ksocket-user and /tmp/.ICE-unix, will KDE use an environment variable
for specifying the tmp directory? If so it shouldn't be difficult to solve
this. Also what is the point of the .ICE-unix directory anyway?
But the .DCOPserver* files are a more serious problem. IMHO the core code
should be changed to put them somewhere more appropriate. I'd be happy to
offer a patch if someone's interested in merging it (either in Debian
packages or upstream).
While we're at it, the error handling in Qt could probably be improved. If
you are denied access to create ~/.qt/.qtrc.lock then trying it four times is
not going to get you access...
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
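The arrangement the post describes (a games domain that can read but not write ~/.kde and ~/.qt, while the ordinary user domain keeps write access, and no read access at all to the user's other files) can be written as a small type-enforcement fragment. The following is an added illustration, not code from the post or from the SELinux packages it links to; the domain name user_games_t, the attribute and permission names, and the file_contexts lines are assumptions in the style of the NSA example policy of that era (user_t and user_home_t are taken from that policy), and macro helpers such as r_dir_file() are deliberately avoided so that every permission is explicit.

```text
# Added example, not from the post. Type-enforcement fragment for running
# games in their own domain with read-only access to KDE/Qt config.
# Assumed names: user_games_t (game domain), user_games_ro_t (config type).
# user_t and user_home_t are the ordinary user domain and home-file type
# of the NSA example policy.

# Declarations: a domain for games and a file type for their config files.
type user_games_t, domain;
type user_games_ro_t, file_type;

# Games may look up, list and read their config directories and files,
# nothing more (no write, create, unlink, rename or setattr).
allow user_games_t user_games_ro_t:dir      { getattr search read lock ioctl };
allow user_games_t user_games_ro_t:file     { getattr read lock ioctl };
allow user_games_t user_games_ro_t:lnk_file { getattr read };

# The ordinary user domain keeps full read/write access so KDE itself can
# still update its settings (this is the "regular processes can write them"
# half of the post).
allow user_t user_games_ro_t:dir      { getattr search read lock ioctl write add_name remove_name create rmdir setattr };
allow user_t user_games_ro_t:file     { getattr read lock ioctl write append create unlink rename setattr link };
allow user_t user_games_ro_t:lnk_file { getattr read create unlink rename setattr };

# The point of the exercise: a compromised game must not be able to read the
# user's ordinary files. No allow rule grants this, and the neverallow makes
# the policy compiler reject any later rule that tries to.
neverallow user_games_t user_home_t:file { read };

# Corresponding file_contexts entries (assumed; HOME_DIR is expanded per
# user by the home-directory context generator), so relabelling with
# setfiles or restorecon puts ~/.kde and ~/.qt under the read-only type:
#
# HOME_DIR/\.kde(/.*)?    system_u:object_r:user_games_ro_t
# HOME_DIR/\.qt(/.*)?     system_u:object_r:user_games_ro_t
```

With this in place, `ls -Z ~/.kde ~/.qt` should show user_games_ro_t on the config trees, and an attempt by the game domain to write there shows up as an AVC denial in the kernel log. It does not by itself resolve the problems the post raises: the DCOP server file in the home directory, /tmp/ksocket-user and /tmp/.ICE-unix live outside the labelled trees and would still need either their own types or a way of relocating them into a directory that can be labelled.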