Security Audit Request for Screenlocker Branch

todd rme toddrme2178 at gmail.com
Tue Oct 11 20:40:32 BST 2011


On Tue, Oct 11, 2011 at 9:06 PM, Alexander Neundorf <neundorf at kde.org> wrote:
> On Tuesday 11 October 2011, Martin Gräßlin wrote:
>> On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote:
>> > From here:
>> > "If KWin crashes without restarting privacy is leaked but the system is
>> > hardly useable due to missing window manager. This situation can safely
>> > be ignored as a corner case as KWin normally restarts."
>> >
>> > This is not true, the system can be used without a window manager and if
>> > you happen to have a running terminal or start one, it is possible to
>> > start a new window manager (which might not be kwin) and access
>> > everything.
>>
>> Yes, if you have a terminal open and if it is the topmost in the stacking
>> order it is possible to start another window manager. If that is not the case
>> you are not able to start anything as KRunner or kickoff cannot be opened.
>
> You can also switch to a text-mode console (Ctrl+F1 etc), set DISPLAY, and
> start the window manager there.
>
> Alex

Someone would either need your user password (which they could just
use to unlock the screen) or root access (in which case you are pretty
much screwed anyway).  Otherwise they wouldn't have access to your
processes.

-Todd



