Bugtraq: Hole in the KDE desktop

[alan () LXORGUK UKUU ORG UK (Alan Cox)]

KDE is a sort of neat desktop built on the Qt widget class (see
http://www.kde.org). A word of warning to anyone running it however - the
file manager talks to the other modules over a basically unsecured TCP
socket. You can ask it to copy files and all sorts of lovely stuff.
Fortunately its not got any obvious major features (the file copy for example
is to their local disk). However if you can get a file onto their box (eg
into their anonymous ftp area) you can ask kfm to copy it to ~user/.rhosts

The fix appears to be to make the KDE software communicate over an AF_UNIX
socket and set file permissions appropriately on the socket name. This
requires you rebuild a fair chunk of the KDE software but the end result
seems to work as well as before.

I've tried reporting bugs to the KDE authors, all I got was abuse so I'll
log it here instead in the hope someone sensible from the KDE project reads
this.

Alan