[prev in list] [next in list] [prev in thread] [next in thread]
List: kwin
Subject: Re: Review Request: Screen Locker daemon
From: Thomas =?UTF-8?B?TMO8Ymtpbmc=?= <thomas.luebking () gmail ! com>
Date: 2011-11-10 14:06:37
Message-ID: 20111110150637.45fe9a4d () gmail ! com
[Download RAW message or body]
Am Thu, 10 Nov 2011 14:27:12 +0100
schrieb "Aaron J. Seigo" <aseigo@kde.org>:
> similar can be said for everything in kded.
Which kded services pot. allows for security breaks if you kill
kded?
(I wonder whether a kded plugin could breach into "Password Caching" and
read its memory...)
> if there is a need for two kded instances, one for "trusted, critical" plugins and one for
> "things applications wish to shove into there" then we can probably
> do that.
This is quite OT, but one could simply have kded spwan and nanny
QCoreApplication processes, yesno?
Stacking all "critical & trusted" things into one process makes a
perfect attack target, since if you only need to screw one to getthem
all.
---- Mega OT:
> i don't like how we have one daemon for activities, now another for
> screen locking ...
errrhemmm...
for name in /usr/bin/akonadi_*; do ldd $name | grep -i kdeui; echo
$name; done
-> i have *no* idea why they should need UI, it's probably inherited
with kio
ldd /usr/bin/ksmserver | grep -Ei '(kdeui|plasma)'
-> afaik to show the logout dialog... m\
But i'm happy to hear that it's disliked elsewhere as well =)
---/
> i suppose my only remaining concern is that any window could
> masquerade as a screenlocker window and "blank" the desktop?
Iirc that is called "malware" and the proper solution is to delete it :P
If Martin meant the existing property, xscreensaver will likely set it
as well (for good reason) and given what random clients can do otherwise
esp. on X11, this is no way an issue.
Cheers,
Thomas
_______________________________________________
kwin mailing list
kwin@kde.org
https://mail.kde.org/mailman/listinfo/kwin
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic