Security Audit Request for Screenlocker Branch
Andras Mantia
amantia at kde.org
Tue Oct 11 14:06:11 BST 2011
On Sunday, October 09, 2011 20:02:27 Martin Gräßlin wrote:
> Hi all,
>
> as you might know we have been working on moving the screenlocker from
> KRunner to KWin and passed the control to the compositor (iff
> compositing is active) to ensure that nothing which should not be
> shown gets visible.
>
> I want to request a security audit for the changes to ensure that the
> new implementation is as secure as the existing one and that I did
> not forget an important case which would compromise the security.
>
> The general concept of the new screenlocker is described in the wiki:
> http://community.kde.org/KWin/Screenlocker
From here:
"If KWin crashes without restarting privacy is leaked but the system is
hardly useable due to missing window manager. This situation can safely
be ignored as a corner case as KWin normally restarts."
This is not true, the system can be used without a window manager and if
you happen to have a running terminal or start one, it is possible to
start a new window manager (which might not be kwin) and access
everything.
Several times I have had the case (for whatever reason) where I was without a
running kwin and had to start one manually.
Andras