Review Request 117157: Unlock session via DBus
Martin Gräßlin
mgraesslin at kde.org
Sat Mar 29 12:15:58 GMT 2014
> On March 29, 2014, 1:05 p.m., Martin Gräßlin wrote:
> > I also have problems imagining what a use case for this is and I consider this as a security issue. It basically means that the session can get unlocked without going through authentication.
>
> Kirill Elagin wrote:
> You have to authenticate anyway to access the DBus session bus.
and running applications? It would allow $evilsecretservice to unlock the screen when $agent needs to use the system after remote installing some software. Since Snowden this doesn't sound so far fetched any more (unfortunately).
- Martin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/117157/#review54538
-----------------------------------------------------------
On March 29, 2014, 12:58 p.m., Kirill Elagin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/117157/
> -----------------------------------------------------------
>
> (Updated March 29, 2014, 12:58 p.m.)
>
>
> Review request for kde-workspace.
>
>
> Bugs: 314989
> http://bugs.kde.org/show_bug.cgi?id=314989
>
>
> Repository: kde-workspace
>
>
> Description
> -------
>
> Unlock session via DBus
>
> Make org.freedesktop.ScreenSaver.SetActive(false) unlock session.
>
>
> Diffs
> -----
>
> plasma-workspace/ksmserver/screenlocker/interface.cpp ecb30a37b1a207cf9dab8c53b1b879108a99a45b
> plasma-workspace/ksmserver/screenlocker/ksldapp.h b292b62f4df073fff31bcbfd0e39f4c4fe04c92d
> plasma-workspace/ksmserver/screenlocker/ksldapp.cpp f2e5262524447e8ae1df1fbf6543297c3be3e6b8
>
> Diff: https://git.reviewboard.kde.org/r/117157/diff/
>
>
> Testing
> -------
>
> I've tested this with KDE 4.11.5 which I'm currently running.
> Rebasing to master was completely trivial; I've looked through the code and I believe all the assumptions I made are still valid in master.
>
>
> Thanks,
>
> Kirill Elagin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20140329/ba8769b1/attachment.htm>
More information about the kde-core-devel
mailing list