Mon Oct 08, 2018 7:36 am
Hi! I am making an LSM (Linux security module) for my own needs. The basic concept is that different applications may have different access permissions.
But I have a problem with KDE/Dolphin. I noticed that Dolphin (the KDE file manager) is able to list the contents of private directories without having permission to access them. In the audit logs I see that it is actually another process that reads the directory (I think it was kdeinit5, but I'm not totally sure).
How does this work? Is it possible to disable such behavior? I don't want any untrusted app to be able to list private directories using some KDE IPC.
Or, at least, I want to be sure that untrusted applications can't READ/WRITE files via KDE processes.
1. Besides listing protected directories, Dolphin is able to copy protected files (making them readable for untrusted processes) or even delete protected files... Not that I don't trust Dolphin... But if Dolphin is able to bypass the LSM using kdeinit5, any other program can do that too...
Personally, I see this as a security breach... But who am I to judge real programmers...
2. If I start Dolphin alone (without full Plasma), security works as expected: Dolphin can't enter protected directories.
Fine, I don't think anything will change in the near future... So I am forced to make kdeinit5 untrusted... I need to figure out how to launch programs from now on... My LSM doesn't allow processes to have more permissions than their parent process had... That is why I gave all permissions to kdeinit5 - it is the parent of all applications that we launch from Plasma menus.
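A small userspace model of the rule described above (a child never gets more permissions than its parent) and of why a fully trusted broker such as kdeinit5 defeats it, added here as an illustration; this is not the poster's LSM code, and the process names and permission strings are constructed for the example:

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

# Constructed model: a "permission" is just a string such as "read:/private".
@dataclass
class Proc:
    name: str
    perms: FrozenSet[str]
    parent: Optional["Proc"] = None

def spawn(parent: Proc, name: str, requested: Iterable[str]) -> Proc:
    # The poster's inheritance rule: grant only what the parent already holds.
    granted = frozenset(requested) & parent.perms
    return Proc(name, granted, parent)

def naive_broker_access(broker: Proc, client: Proc, perm: str) -> bool:
    # A broker that performs the operation under its own identity only.
    # This is the confused-deputy situation: the client's perms are ignored.
    return perm in broker.perms

def hardened_broker_access(broker: Proc, client: Proc, perm: str) -> bool:
    # Mitigation: the broker applies the requesting client's perms as well.
    return perm in broker.perms and perm in client.perms

def demo() -> dict:
    everything = frozenset({"read:/private", "write:/private", "read:/public"})
    init = Proc("init", everything)
    # kdeinit5 is given all permissions so that the apps it launches can be granted any subset.
    kdeinit5 = spawn(init, "kdeinit5", everything)
    # An untrusted app launched from the menu gets only public access.
    dolphin = spawn(kdeinit5, "dolphin", {"read:/public"})
    return {
        "direct": "read:/private" in dolphin.perms,
        "via_naive_broker": naive_broker_access(kdeinit5, dolphin, "read:/private"),
        "via_hardened_broker": hardened_broker_access(kdeinit5, dolphin, "read:/private"),
        "public_via_hardened": hardened_broker_access(kdeinit5, dolphin, "read:/public"),
        # A grandchild asking for more than its parent is capped to nothing extra.
        "escalation_capped": spawn(dolphin, "child", {"read:/private"}).perms,
    }
```

The direct check and the hardened broker both deny the private read; only the naive broker, acting purely on its own (full) permissions, lets the untrusted client through.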