From kde-core-devel Tue Oct 11 19:40:32 2011
From: todd rme
Date: Tue, 11 Oct 2011 19:40:32 +0000
To: kde-core-devel
Subject: Re: Security Audit Request for Screenlocker Branch
Message-Id:
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=131836207520251

On Tue, Oct 11, 2011 at 9:06 PM, Alexander Neundorf wrote:
> On Tuesday 11 October 2011, Martin Gräßlin wrote:
>> On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote:
>> > From here:
>> > "If KWin crashes without restarting privacy is leaked but the system is
>> > hardly useable due to missing window manager. This situation can safely
>> > be ignored as a corner case as KWin normally restarts."
>> >
>> > This is not true, the system can be used without a window manager and if
>> > you happen to have a running terminal or start one, it is possible to
>> > start a new window manager (which might not be kwin) and access
>> > everything.
>>
>> yes if you have a terminal open and if it is the top most of stacking order
>> it is possible to start another window manager. If that is not the case
>> you are not able to start anything as KRunner or kickoff cannot be opened.
>
> You can also switch to a text-mode console (Ctrl+F1 etc), set DISPLAY, and
> start the window manager there.
>
> Alex

Someone would either need your user password (which they could just
use to unlock the screen) or root access (in which case you are pretty
much screwed anyway). Otherwise they wouldn't have access to your
processes.

-Todd