KDM plans and lightDM

Shaun Reich predator106 at gmail.com
Tue Jun 14 00:38:44 BST 2011 

On Mon, Jun 13, 2011 at 6:03 PM, Thomas Lübking
<thomas.luebking at gmail.com> wrote:
> Am Mon, 13 Jun 2011 16:46:12 -0400
> schrieb Shaun Reich <predator106 at gmail.com>:
>
> Sorry, I don't read your blog - just did a quick google and thought this
> was the best place to get a reliable answer.

No problem. Just don't try to critique something until at least
reading up on it (which someone else linked to previously in the
thread, even).

> OFF TOPIC ----------------
--snip
> "From a clock, battery monitor, the kdm greeter (of course. you know,
> the login dialog), system monitors, disc usage, sticky notes,
> calculator, on-screen keyboard"
>

> You got a better link why else using plasma is great?
Huh? Other than the fact that it is capable of powering an entire
workspace on many form factors.

> Oh, and did you see "on-screen keyboard"?

Again..huh? I really don't know what you're trying to get at with
this. The point is we get all of that for free. Whereas if you do not
use the whole of Plasma, you have to do it all yourself (take a look
at kdm's kfrontend code which creates a clock and such. Just makes
things easier when there's zero duplication.

> You mean, like compared to the current indirect qwidget -> subclass ->
> plasma ->
> -> svg
> -> (incomplete) qstyle usage ..?
>

> which usually fails (used to?, actually not tried lately) if you deviate
> from oxygen's margins & paddings because it (implicitly) uses (used? no
> idea whether this has ever been fixed) the style to calculate the size
> but the theme paddings to render clipped strings?
> /OFF TOPIC ----------------
>

Sorry, can't comment on this as I've no idea what you're referring to.

> This is not what i'm talking about. A "hostile" area is where many ppl.
> have (in doubt non physical) access to the same machine.
> So if user x can get user y to add a malicious plasmoid to the DM
> frontend, he can pot. scam his login data/password and use that later
> on.

The same can be done using kdm's authentication plugins. I could go
and make my own right now to do just that, and if the user has root
access and installs it, that's the (stupid) user's prerogative. Just
like installing any other application on a desktop could do the *very*
same.

This is of course, coming from the perspective that the user is a system admin.

You are aware that in order to add applets to the greeter (if that
option is enabled, per system admin), you need to authenticate as root
(which is presumably what the system admin only would have).

So please don't think this is "anyone who walks by can go and monkey
around with it". It sounds like that's what you're confusing it as.

> Ahhh... security by opt-out. Of course, because anything else
> would render the system pointless in the first place.

Once again, you're backwards. YOU NEED ROOT ACCESS TO ADD APPLETS. I
just want to emphasize that. The "the sysadmin can disable that" was
referring to a button, a la what the cashew has, to unlock widgets and
be able to add them. To do that..once again, *requires root access*. I
was simply referring to visually disabling it. It still wouldn't be
functional without root access either way, out of the box.

Sorry, but I don't think you read my blog entries thoroughly enough.
Just as using a utility without reading the man page can destroy your
system, so can replying to a mailing list without having at least read
up on existing docs ;-p

> Overlay the input fields?
> Scam logins & passwords?
> Maybe just hook on textChanged signals for that purpose?

See above. The same *exact* thing could be done if someone just
installed a custom PAM authentication. Seriously. What do you expect
if the user has root access, is able to install anything he wants, and
installs a malicious piece of software? Are you entirely unaware of
how malware works? Malware plays upon the users stupidity with
elevated privileges. If you never elevate the privileges, what's going
to happen? Well. The software wouldn't be installed, for one.

I really think you are thinking incorrectly. This situation can be
applied to ANYTHING. Give full access to someone and they had better
know what they are doing, because if they are stupid enough to install
compromising software on their system -- then their system just got
compromised. That's the fundamental flaw in any security model: the
user who has root access.

(think that covers everything in this thread..onto the next, hehe)

-- 
Shaun Reich,
KDE Software Developer (kde.org)

More information about the kde-core-devel mailing list