List: kde-core-devel
Subject: Re: Security Audit Request for Screenlocker Branch
From: Andras Mantia <amantia () kde ! org>
Date: 2011-10-11 13:06:11
Message-ID: 1730434.TNOid8kQ15 () stein
On Sunday, October 09, 2011 20:02:27 Martin Gräßlin wrote:
> Hi all,
>
> as you might know we have been working on moving the screenlocker from
> KRunner to KWin and passed the control to the compositor (iff
> compositing is active) to ensure that nothing which should not be
> shown gets visible.
>
> I want to request a security audit for the changes to ensure that the
> new implementation is as secure as the existing one and that I did
> not forget an important case which would compromise the security.
>
> The general concept of the new screenlocker is described in the wiki:
> http://community.kde.org/KWin/Screenlocker

From here:
"If KWin crashes without restarting privacy is leaked but the system is
hardly useable due to missing window manager. This situation can safely
be ignored as a corner case as KWin normally restart."

This is not true, the system can be used without a window manager and if
you happen to have a running terminal or start one, it is possible to
start a new window manager (which might not be kwin) and access
everything.

I have several times had the case (for whatever reason) where I was without a
running kwin and had to start one manually.

Andras