Security Audit Request for Screenlocker Branch
Oswald Buddenhagen
ossi at kde.org
Wed Oct 12 18:38:11 BST 2011
On Wed, Oct 12, 2011 at 04:47:54PM +0200, Dario Freddi wrote:
> 2011/10/12 Martin Gräßlin <mgraesslin at kde.org>:
> > ok I have been thinking about it and have a new proposal:
> > * writing a kded module to only handle the screen locking (grab keyboard and
> > mouse)
>
> TBH, if you really care about not making the thing crash, I would not
> put it into KDED, which has a lot of things which are not under your
> control potentially crashy, but into a separate running daemon.
>
my first thought, too. :}
> > * having greeter in a separate process, so that the kded module can restart
> > the greeter in case it crashes
> > * use xproperty on all greeter windows to inform the compositor which windows
> > belong to it
>
i'm assuming you are including the locker/saver window in "greeter
windows"?
> > * use a kwin effect to additionally ensure that the screen is
> > blanked and nothing gets above the greeter windows
> >
that seems superfluous. the presence of the locker window simultaneously
indicates "locker mode" and provides "blanking content" (rendered by an
out-of-process hack and blanked in-process as a fallback). when that goes
away unexpectedly, all bets are off anyway.
More information about the kde-core-devel
mailing list