[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Security Audit Request for Screenlocker Branch
From: Martin =?ISO-8859-1?Q?Gr=E4=DFlin?= <mgraesslin () kde ! org>
Date: 2011-10-09 18:02:27
Message-ID: 1492778.Pixx8xu4RD () martin-desktop
[Download RAW message or body]
Hi all,
as you might know we have been working on moving the screenlocker from KRunner
to KWin and passed the control to the compositor (iff compositing is active)
to ensure that nothing which should not be shown gets visible.
I want to request a security audit for the changes to ensure that the new
implementation is as secure as the existing one and that I did not forget an
important case which would compromise the security.
The general concept of the new screenlocker is described in the wiki:
http://community.kde.org/KWin/Screenlocker
The documentation of the implementation can be found in:
https://projects.kde.org/projects/kde/kde-
workspace/repository/entry/kwin/screenlocker/screenlocker.h?rev=farhad_hf%2Flockscreen
The code lives in the farhad_hf/lockscreen branch in kde-workspace git
repository. The main new files can be found in
kwin/screenlocker/screenlocker.h|cpp
and in kwin/effects/screenlocker/*
The authentication architecture is not changed and the code under
effects/screenlocker/ is just c&p from the existing implementation. It is
planned to drop the existing implementation around kscreenlocker in 4.9
completely in favor of the new implementation also in the non-composited case.
Because of that I decided to c&p and not adjust the existing code to suit both
implementations.
Currently known limitations of the new implementation:
* KNotification not working (needs to be merged with KWin's knotifyrc)
* Screenlocker not able to adjust to multi screen changes while screen is
locked. This needs some already planned rework in the compositor.
Happy hacking
Martin
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic