D18845: authority: add support for passing details to polkit

2019-03-28 Thread Matthias Gerstner
mgerstner added a comment. In D18845#439430, @ngraham wrote: > @mgerstner can you provide your email address so we can land this patch with correct authorship information? It's matthias.gerst...@suse.com. REVISION DETAIL https://phabr

D18845: authority: add support for passing details to polkit

2019-03-27 Thread Matthias Gerstner
mgerstner updated this revision to Diff 54931. mgerstner added a comment. Now using `constData()` as suggested by chinmoyr. CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D18845?vs=51753&id=54931 REVISION DETAIL https://phabricator.kde.org/D18845 AFFECTED FILES core/polkitqt1-auth

D18845: authority: add support for passing details to polkit

2019-03-27 Thread Matthias Gerstner
mgerstner added inline comments. INLINE COMMENTS > chinmoyr wrote in polkitqt1-authority.cpp:336 > Nitpick; constData() because the API seems to take const gchar* Strictly speaking it already returns `const gchar*`, since `toUtf8()` returns a `const QByteArray` temporary object and thus the `cons

D18845: authority: add support for passing details to polkit

2019-02-21 Thread Matthias Gerstner
mgerstner added a comment. In D18845#416305, @bruns wrote: > Does this solve part of T8075? Part of a part it seems. I am currently working towards T10480. To actua

D19001: katetextbuffer: refactor TextBuffer::save() to better separate code paths

2019-02-21 Thread Matthias Gerstner
mgerstner added a comment. >> @cullmann wrote: > > If you pass me your author email, I will push that. Sure, it's matthias.gerst...@suse.de REVISION DETAIL https://phabricator.kde.org/D19001 To: mgerstner, dhaumann, cullmann, #ktexteditor, chinmoyr, fvogt Cc: kwrite-devel, kde-fra

D19001: katetextbuffer: refactor TextBuffer::save() to better separate code paths

2019-02-18 Thread Matthias Gerstner
mgerstner updated this revision to Diff 51951. mgerstner added a comment. Use a C++11 enum class with KDE style CamelCase identifiers. CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D19001?vs=51662&id=51951 REVISION DETAIL https://phabricator.kde.org/D19001 AFFECTED FILES src/bu

D18845: authority: add support for passing details to polkit

2019-02-15 Thread Matthias Gerstner
mgerstner added inline comments. INLINE COMMENTS > bruns wrote in polkitqt1-authority.cpp:328 > nullptr I didn't want to mix styles in the source files. It's adjusted now. REVISION DETAIL https://phabricator.kde.org/D18845 To: mgerstner, #frameworks, chinmoyr, fvogt, bruns Cc: kde-frameworks

D18845: authority: add support for passing details to polkit

2019-02-15 Thread Matthias Gerstner
mgerstner updated this revision to Diff 51753. mgerstner added a comment. Incorporated review comments: replaced `NULL` by `nullptr`, removed some extra whitespace within parentheses, added KF6 TODO. CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D18845?vs=51161&id=51753 REVISION DE

D19001: katetextbuffer: refactor TextBuffer::save() to better separate code paths

2019-02-14 Thread Matthias Gerstner
mgerstner created this revision. Herald added projects: Kate, Frameworks. Herald added subscribers: kde-frameworks-devel, kwrite-devel. mgerstner requested review of this revision. REVISION SUMMARY This change breaks up the rather large `TextBuffer::save()` into separate functions. Most notabl

D18950: KCompressionDevice: reset error in open() to allow reuse of object

2019-02-12 Thread Matthias Gerstner
mgerstner created this revision. Herald added a project: Frameworks. Herald added a subscriber: kde-frameworks-devel. mgerstner requested review of this revision. REVISION SUMMARY Previously it was not possible to reuse a `KCompressionDevice` object after a call to `open()` failed and `propaga

D14467: Auth Support: Drop privileges if target is not owned by root

2019-01-31 Thread Matthias Gerstner
mgerstner added a comment. chinmoyr asked me to review this patch since I was involved with a CVE in similar code in kate / ktexteditor a while ago. Back then the logic was special purpose to replace a file in the file system with content provided via D-Bus. This here is a way more gener

D12513: CVE-2018-10361: privilege escalation

2018-05-09 Thread Matthias Gerstner
mgerstner added a comment. Restricted Application edited subscribers, added: kde-frameworks-devel, kwrite-devel; removed: Frameworks. In D12513#258565, @aacid wrote: > > Honestly I don't understand why I have to care about anything

D12513: CVE-2018-10361: privilege escalation

2018-05-03 Thread Matthias Gerstner
mgerstner added a comment. In D12513#256845, @aacid wrote: > @mgerstner I don't really understand why we need the chdir, renameat, etc. > > Dropping privileges to the minimum needed should be enough, shouldn't it? > > I mean at that point

D12513: CVE-2018-10361: privilege escalation

2018-04-27 Thread Matthias Gerstner
mgerstner added a comment. Hi, I am the guy that came up with the initial security report. I contacted //cullman// about the issue and we've exchanged a couple of emails about how to improve the code. He asked me about what approach would be better: Setting up the temporary file