Bugzilla – Bug 179019
Security problem: Can't disable SMB/NFS share on a folder under Konqueror after enabled it
Last modified: 2007-05-21 12:30:09 UTC
Hi, i found a security problem with file sharing under KDE : I authorized users to share their folders using SMB/NFS sharing under KDE with Konqueror. For this I go in Personal Settings->Internet&Network->File Sharing (fileshare kcm module), "Enable Local Netwok File Sharing", "Simple Sharing", allowed users : Allow all users to share folders. Then I open Konqueror, right click on a folder and click on "Share" (or on Properties->Share). I click on "Shared" radio button and OK. My folder is shared, I can see it from another computer as smb share. Now I wan't to disable sharing. I return to "Share" and there are two problems : - "Not shared" is activated by defaut event if the folder is already shared. - If I choose this default action and click OK, my folder remains shared. I think this is a security problem : users can't remove their SMB shares from Konqueror. So everybody can access them even if the user tries to disable them. Only root can go to kcm fileshare module and remove a share. So I put severity as critical. I hope this bug will be corrected soon.
This problem doesn't occur when Advanced Sharing is enabled...
Created attachment 88348 [details] kdelibs3 patch Our filesharelist has incompatible output to the KDE's one, but the matching kdelibs patch (fileshare.diff) is disabled, because it doesn't apply (and it also contains some i18n that is not in kdebase-SUSE/totranslate). This filesharesimple.diff patch is the small subset of the patch that parses out output. With it this problem goes away.
ok, I added this minimal patch for 10.1, rehubbing for 10.2.
Ok. Will this patch applied to 3.5.3 branch (I upgraded from lastest KDE3 repository) ?
Ok, I think the bug is fixed now.