KDE su uses the sytem's su for acquiring priviliges. In this section, I explain the details of how KDE su does this.

Because some su implementations (i.e. the one from Red Hat®) don't want to read the password from stdin, KDE su creates a pty/tty pair and executes su with its standard filedescriptors connected to the tty.

To execute the command the user selected, rather than an interactive shell, KDE su uses the -c argument with su. This argument is understood by every shell that I know of so it should work portably. su passes this -c argument to the target user's shell, and the shell executes the program. Example command: su root -c the_program.

Instead of executing the user command directly with su, KDE su executes a little stub program called kdesu_stub. This stub (running as the target user), requests some information from KDE su over the pty/tty channel (the stub's stdin and stdout) and then executes the user's program. The information passed over is: the X display, an X authentication cookie (if available), the PATH and the command to run. The reason why a stub program is used is that the X cookie is private information and therefore cannot be passed on the command line.