From kde-core-devel Wed Oct 12 10:10:48 2011 From: Martin =?ISO-8859-1?Q?Gr=E4=DFlin?= Date: Wed, 12 Oct 2011 10:10:48 +0000 To: kde-core-devel Subject: Re: Re: Re: Security Audit Request for Screenlocker Branch Message-Id: <1822109.h4GTisxvVM () martin-desktop> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=131841428001869 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--nextPart2688768.8xcNV6oYhO" --nextPart2688768.8xcNV6oYhO Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" On Wednesday 12 October 2011 09:10:40 Oswald Buddenhagen wrote: > > Of course KWin is a more complex application than others, but given > > what we need in a screen locker the difference becomes marginal IMHO. > > yes. one should consider decoupling the greeter from the core engine. > > > > > I myself have never run into a situation where KWin did not restart > > > > [...] > > > > > > even if it restarts, you still have a non-trivial racing window. > > > additionally, it probably allows a waiting app (some popup) to grab > > > input and thus make the subsequent re-lock fail. > > > > ok, this is a concern I have not yet considered. Any ideas how we could > > handle such a situation? > > by not crashing in the first place. seriously. think about it. ok I have been thinking about it and have a new proposal: * writing a kded module to only handle the screen locking (grab keyboard and mouse) * having greeter in a separate process, so that the kded module can restart the greeter in case it crashes * use xproperty on all greeter windows to inform the compositor which windows belong to it * use a kwin effect to additionally ensure that the screen is blanked and nothing gets above the greeter windows Thoughts? Cheers Martin --nextPart2688768.8xcNV6oYhO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEABECAAYFAk6VZ6gACgkQqVXwidMiVrqBvgCaA2wX1l6tO+e2feLpZRi7jwQR ywEAn38Uo326i7AIJVC+5L6SFyvIXp5D =3+ow -----END PGP SIGNATURE----- --nextPart2688768.8xcNV6oYhO--