Review Request 117157: Unlock session via DBus
Martin Gräßlin
mgraesslin at kde.org
Mon Mar 31 07:55:05 BST 2014
On Sunday 30 March 2014 18:06:52 Thiago Macieira wrote:
> > Leaving access to an open shell is certainly bad enough - beyond question.
> > The question is whether gaining direct access to a running session and
> > random open clients (and leaving the stage untraced) is more valuable and
> > thus worth protection.
>
> We're assuming that the attacker already gained access to the session at
> this point. For example, if you've left a logged in shell in a virtual
> console. At that point, it's already game over.
>
> Since that is so, let's stop trying to cover the sun with a sieve. Instead,
> let's make the life of developers and helpgivers easier: let there be an
> unlock command via D-Bus, without transiting the password again.
Personally I have to disagree. To me the graphical login is an asset which
needs to be protected in a stronger way. Access to a tty should not equal
access to the graphical system. The fact that X is broken should not result in
us adding further insecurities which need to be fixed up once we transit to
Wayland. The opposite has to happen: all the small security issues we let in,
because X was already broken, need to get fixed. This thread turned into a nice
TODO list :-)

Our default should be to be secure and not to allow to be insecure because
developers need to have an easy way to fix their setup.

Btw. the greeter theme allows to be changed and the theme does not require
authentication. It's up to the greeter theme to decide how to grant access. We
even ship one theme for Plasma Active which does not provide any security. For
use cases which require to allow quitting the locker through DBus this should
be provided through the greeter theme, not through the lock process. If one
wants to make the system less secure it should have to be explicitly changed
and should require more privs.

Cheers
Martin