bug #143859. Possible security issue.

Raúl Sánchez Siles rss at barracuda.es
Mon Jun 18 13:08:13 BST 2007 

  Hello all:

  Someone reported a problem at the Debian BTS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416824 regarding desktop
was not locking once asking system to hibernate. I proposed a patch which
Debian and Gentoo applied, but after some more reporting seems that
unfortunately the patch doesn't work at all.

  The patch just changed an asynchronous DCOP call to KScreensaveIface for a
synchronous one. Now I test it again and indeed didn't work. I find that
locking works if using the dcop command from a konsole: "dcop kdesktop
KScreensaverIface lock" but I did a test case (attached) that effectively
didn't lock the desktop.

  Just in case I compiled it like this:
g++ -DHAVE_CONFIG_H -I/usr/include/kde -I/usr/share/qt3/include -I. -DQT_THREAD_SUPPORT  -D_REENTRANT  -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wchar-subscripts -Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -O2 -g -Wall -O2 -Wformat-security -Wmissing-format-attribute -Wno-non-virtual-dtor -fno-exceptions -fno-check-new -fno-common -DQT_CLEAN_NAMESPACE -DQT_NO_ASCII_CAST -DQT_NO_STL -DQT_NO_COMPAT -DQT_NO_TRANSLATION -o
testdcop
testdcop.cpp -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wchar-subscripts -Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -g -Wall -O2 -Wformat-security -Wmissing-format-attribute -Wno-non-virtual-dtor -fno-exceptions -fno-check-new -fno-common -DQT_CLEAN_NAMESPACE -DQT_NO_ASCII_CAST -DQT_NO_STL -DQT_NO_COMPAT -DQT_NO_TRANSLATION -L/usr/share/qt3/lib -o
testdcop -L/usr/share/qt3/lib -lXtst -lkdeui -lm -I
debs/kdeutils/kdeutils-3.5.7/klaptopdaemon/

  I asked for advice at #kde-devel to see if I did anything wrong in the
dcop call, but someone pointed me here. I hope someone could give me some
piece of advice here.

  Thank you very much.

-- 
Raúl Sánchez Siles
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testdcop.cpp
Type: text/x-csrc
Size: 695 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20070618/87a65847/attachment.c>

More information about the kde-core-devel mailing list