Security Audit Request for Screenlocker Branch

Andras Mantia amantia at
Tue Oct 11 14:06:11 BST 2011

On Sunday, October 09, 2011 20:02:27 Martin Gr��lin wrote:
> Hi all,
> as you might know we have been working on moving the screenlocker from
> KRunner to KWin and passed the control to the compositor (iff
> compositing is active) to ensure that nothing which should not be
> shown gets visible.
> I want to request a security audit for the changes to ensure that the
> new implementation is as secure as the existing one and that I did
> not forget an important case which would compromise the security.
> The general concept of the new screenlocker is described in the wiki:

>From here:
"If KWin crashes without restarting privacy is leaked but the system is 
hardly useable due to missing window manager. This situation can savely 
be ignored as a corner case as KWin normaly restart."

This is not true, the system can be used without a window manager and if 
you happen to have a running terminal or start one, it is possible to 
start a new window manager (which might not be kwin) and access 

I had several times the case (for whatever reason) when I was without a 
running kwin and had to start one manually.


More information about the kde-core-devel mailing list