Update polkit-qt-1 to replace two deprecated methods with the new method
Review Request #117056 - Created March 25, 2014 and submitted
|dafre, dfaure, mbriza|
Based on https://bugzilla.redhat.com/show_bug.cgi?id=1002375, two methods (polkit_unix_process_new and polkit_unix_process_new_full) were deprecated in PolKit, as these could cause security exploits. The attached patch ports Polkit-qt-1 to the new method polkit_unix_process_new_for_owner and is based on a patch mentioned in the bug report for the spicy-gtk library.
Polkit-qt-1 compiles fine without indicating that the two deprecated polkit methods
It seems that this is causing a different effect, where users suddenly have all kinds of permissions. My assumption is that the getuid() call is causing the issue, as this might be coming from the user "root"? Therefore I reverted the commit and will try to find a better solution.
Review request changed
The issue with the previous version was with the getuid() call, as indicated. We now use a polkit routine to get the user that requests the action. This delivers the correct situation that the system policies are properly checked for the right user. Tested on openSUSE.
Revision 2 (+14 -2)
Have you tested this change? I have some doubts this would work. You are requesting information from subject() before you are even setting it. I honestly don't know how the uid should be retrieved, but I guess it gets a little bit more complicated than this. Maybe the authority has this information?
I started looking into KAuth to change the call from Subject(pid) to SystemBusName() and can't get my mind wrapped around the patch in this review request. Why are you calling polkit_unix_user_get_uid(PolkitUnixUser*) with a casted PolkitUnixProcess (implementing PolkitSubject) object? What does the function return? Does it actually work? It seems there's some undefined behavior there... Why not just call polkit_unix_process_new_for_owner(pid, startTime, -1) in the constructor and setSubject? I think this method was added instead of the deprecated _new and _new_full to serve the same purpose. Please, let's discuss this once more, it's important to have this sorted out correctly.
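
An added illustration of the getuid() problem discussed in this thread (not part of the review request and not polkit-qt-1 code): getuid() reports the user of the process that calls it, so inside a privileged service it describes the service, while the owner of the subject has to be derived from the subject's PID. The helper names and the /proc/<pid>/status lookup are assumptions made for this Linux-only example; the patch itself uses polkit routines.

```c
/* Added illustration (not polkit-qt-1 code): getuid() names the caller of
 * getuid(), not the process that asked for authorization. Linux-only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Extract the real UID from the text of a /proc/<pid>/status file.
 * Returns 0 on success, -1 if no parsable "Uid:" line exists. */
int parse_real_uid(const char *status_text, uid_t *out)
{
    const char *line = status_text;
    while (line && *line) {
        unsigned long real;
        if (strncmp(line, "Uid:", 4) == 0 && sscanf(line + 4, "%lu", &real) == 1) {
            *out = (uid_t)real;
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Real UID of the process `pid`, or -1 if it cannot be read. */
int uid_of_pid(pid_t pid, uid_t *out)
{
    char path[64], buf[4096];
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_real_uid(buf, out);
}

int main(int argc, char **argv)
{
    /* Subject PID: the requesting process; defaults to ourselves. */
    pid_t subject = argc > 1 ? (pid_t)atol(argv[1]) : getpid();
    uid_t subject_uid;
    if (uid_of_pid(subject, &subject_uid) != 0)
        return 1;
    printf("getuid() in this process: %lu\n", (unsigned long)getuid());
    printf("owner of subject pid %ld: %lu\n", (long)subject, (unsigned long)subject_uid);
    return 0;
}
```

Run as root with the PID of an unprivileged process as the argument, the two printed values differ, which is the mismatch that made every subject look like root in the first revision.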