Security Audit Request for Screenlocker Branch

Alexander Neundorf neundorf at kde.org
Tue Oct 11 20:48:03 BST 2011


On Tuesday 11 October 2011, todd rme wrote:
> On Tue, Oct 11, 2011 at 9:06 PM, Alexander Neundorf <neundorf at kde.org> 
wrote:
> > On Tuesday 11 October 2011, Martin Gräßlin wrote:
> >> On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote:
> >> > From here:
> >> > "If KWin crashes without restarting privacy is leaked but the system
> >> > is hardly useable due to missing window manager. This situation can
> >> > savely be ignored as a corner case as KWin normaly restart."
> >> > 
> >> > This is not true, the system can be used without a window manager and
> >> > if you happen to have a running terminal or start one, it is possible
> >> > to start a new window manager (which might not be kwin) and access
> >> > everything.
> >> 
> >> yes if you have a terminal open and if it is the top most of stacking
> >> order it is possible to start another window manager. If that is not
> >> the case you are not able to start anything as KRunner or kickoff
> >> cannot be opened.
> > 
> > You can also switch to a text-mode console (Ctrl+F1 etc), set DISPLAY,
> > and start the window manager there.
> > 
> > Alex
> 
> Someone would either need your user password (which they could just
> use to unlock the screen) or root access (in which case you are pretty
> much screwed anyway).  Otherwise they wouldn't have access to your
> processes.

It seems I didn't read the previous email carefully. I simply wanted to reply 
to the statement that it is hard to start a window manager if there is none 
running.

Alex




More information about the kde-core-devel mailing list