From kde-core-devel Tue Oct 11 19:48:03 2011 From: Alexander Neundorf Date: Tue, 11 Oct 2011 19:48:03 +0000 To: kde-core-devel Subject: Re: Security Audit Request for Screenlocker Branch Message-Id: <201110112148.03861.neundorf () kde ! org> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=131836264021019 On Tuesday 11 October 2011, todd rme wrote: > On Tue, Oct 11, 2011 at 9:06 PM, Alexander Neundorf wrote: > > On Tuesday 11 October 2011, Martin Gräßlin wrote: > >> On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote: > >> > From here: > >> > "If KWin crashes without restarting privacy is leaked but the system > >> > is hardly useable due to missing window manager. This situation can > >> > savely be ignored as a corner case as KWin normaly restart." > >> > > >> > This is not true, the system can be used without a window manager and > >> > if you happen to have a running terminal or start one, it is possible > >> > to start a new window manager (which might not be kwin) and access > >> > everything. > >> > >> yes if you have a terminal open and if it is the top most of stacking > >> order it is possible to start another window manager. If that is not > >> the case you are not able to start anything as KRunner or kickoff > >> cannot be opened. > > > > You can also switch to a text-mode console (Ctrl+F1 etc), set DISPLAY, > > and start the window manager there. > > > > Alex > > Someone would either need your user password (which they could just > use to unlock the screen) or root access (in which case you are pretty > much screwed anyway). Otherwise they wouldn't have access to your > processes. It seems I didn't read the previous email carefully. I simply wanted to reply to the statement that it is hard to start a window manager if there is none running. Alex