Hi,

there is a symlink/owner problem in the KDE file manager kfm. I found it
on my SuSE 7.0 but I'm not sure if it is an original SuSE package or
not, rpm doesn't know about it:

paulps:/tmp > rpm -qfi /usr/opt/kde/bin/kfm
die Datei »/usr/opt/kde/bin/kfm« gehört zu keinem Paket

what means that the kfm binary is not known to rpm. However, I suspect
that it is included in all KDE1 distributions.

kfm will create a cache directory in /tmp without checking for correct
onwership named kfm-cache-UID where UID is the numerical user id. Then
it will write to files in the cache dir, for example:

rootps:/tmp/kfm-cache-500 > ls -la
drwxrwxrwx 2 rws uboot 4096 Apr 18 21:18 .
drwxrwxrwt 15 root root 770048 Apr 18 21:16 ..
lrwxrwxrwx 1 rws uboot 18 Apr 18 21:18 index.html ->
/home/paul/.bashrc
-rw-r--r-- 1 rws uboot 0 Apr 18 21:16 index.txt

rootps:/tmp/kfm-cache-500 > ls -la /home/paul/.bashrc
-rw-r--r-- 1 paul users 1458 Jan 23 13:56
/home/paul/.bashrc

and after running kfm as user 500:

rootps:/tmp/kfm-cache-500 > ls -la /home/paul/.bashrc
-rw-r--r-- 1 paul users 271 Apr 18 21:19
/home/paul/.bashrc

The impact is obvious :-/

Ihq.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]