'[kscreensaver] [Bug 316893] Security: Unauthenticated user can access the file-system using cashew->'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [kscreensaver] [Bug 316893] Security: Unauthenticated user can access the file-system using cashew->
From:       Gilboa Davara <gilboad () gmail ! com>
Date:       2013-11-24 8:32:23
Message-ID: bug-316893-17878-sv7UBm1F9f () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=316893

Gilboa Davara <gilboad@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|WORKSFORME                  |---

--- Comment #18 from Gilboa Davara <gilboad@gmail.com> ---
Aaron,

You're incorrect.
Please execute the following steps:
1. Select Desktop widgets as screen locker.
2. Lock the screen.
3. Click on the  Cashew.
4. Select "Settings".
5. When the Wallpaper selection opens, click "Open".
6. Start browsing the machine file system as the logged in user (I managed to
connected to remote shares that used autofs, nfs and smb).

At a minimum, this allows for a unauthenticated user to view local files on the
local machine.

I would suggest that as a stop-gate solution, a password lock will be added to
the Cashew.
Reopening the bug.

- Gilboa

-- 
You are receiving this mail because:
You are watching all bug changes.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic