Review Request 117157: Unlock session via DBus

Thiago Macieira thiago at
Sun Mar 30 23:36:29 BST 2014

Em seg 31 mar 2014, às 00:01:13, Thomas Lübking escreveu:
> > If they can gain access to a TTY login we are already screwed
> leaving aside the present issue (/MainApplication quit being exposed to
> dbus) and given ptrace (gdb solution) is denied: in how far? (beyond
> killing the session, ie. being a nasty little jerk

They can already access all of the other applications and the user's files. 
They can attach gdb to any of the user processes. They can listen to all 
messages on D-Bus. They can attach to any IPC mechanism the user has access 

They can also launch new X applications. So they may not cause the session to 
unlock, but they can still launch a keylogger application that will take effect 
when the legitimate user returns and unlocks the screen.

And, oh, the attacker can change the user's password! If it's a matter of 
unlocking the screen, they can use passwd to change the password, unlock the 
screen with the new password and then happily use the running session.

Thiago Macieira - thiago (AT) - thiago (AT)
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

More information about the kde-core-devel mailing list