D22571: Allow blacklisting some wayland interfaces
David Edmundson
noreply at phabricator.kde.org
Sat Jul 20 16:37:14 BST 2019
davidedmundson added a comment.
> Can we put some enforcement on the desktop file like requiring that it is root owned?
Urgh, please no.
At most maybe we can check the location matches kwin's install_prefix.
INLINE COMMENTS
> wayland_server.cpp:219
> + }
> + return QByteArray();
> + }
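Review bot: the `return QByteArray();` fallback at wayland_server.cpp:219 makes a failed lookup indistinguishable from a lookup that legitimately produced nothing, so a caller that just goes on with an empty value silently grants or denies on bad data. Have the caller treat an empty result from both sources as a hard failure (refuse the client the restricted interfaces and log why) instead of falling through, or return a type that carries the failure explicitly rather than an empty sentinel.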
Can you make us fail if both return an empty byte array.
> wayland_server.cpp:227
> + QStringList fetchRequestedInterfaces(KWayland::Server::ClientConnection * client) const {
> + const auto serviceQuery = QStringLiteral("exist Exec and exist [X-KDE-Wayland-Interfaces] and ('%1' =~ Exec or '%2' =~ Exec)").arg(client->executablePath(), QFileInfo(client->executablePath()).fileName());
> + const auto servicesFound = KServiceTypeTrader::self()->query(QStringLiteral("Application"), serviceQuery);
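Review bot: the trader query at wayland_server.cpp:227 accepts a desktop file when either the full executablePath or only its fileName matches Exec, so the grant is keyed to a basename that any unprivileged process can reproduce: a binary named plasmashell under /tmp satisfies the `'%2' =~ Exec` alternative. Resolve the desktop file's Exec to an absolute path (QStandardPaths::findExecutable) and compare that with the client's binary resolved through the client's own mount namespace (/proc/PID/root prefixed to client->executablePath()), comparing by file identity rather than by string. Separately, `%1` and `%2` are interpolated into the query with .arg() unescaped, so an executable path containing a single quote breaks the query syntax; escape or reject such paths before building the query.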
This doesn't protect against the attack of just having a binary called /tmp/plasmashell without a container.
We'll match the executablePath.fileName, then compare that /tmp/plasmashell matched /tmp/plasmashell.
We want to compare /proc/PID/root/ + client->executablePath() against QStandardPaths::findExecutable(servicesFound.exec())?
REPOSITORY
R108 KWin
REVISION DETAIL
https://phabricator.kde.org/D22571
To: apol, #plasma, #kwin
Cc: graesslin, davidedmundson, kwin, LeGast00n, fmonteiro, sbergeron, jraleigh, fbampaloukas, GB_2, mkulinski, ragreen, jackyalcine, Pitel, iodelay, crozbo, bwowk, ZrenBot, ngraham, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, jensreuterberg, abetts, sebas, apol, mart
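The check proposed in the comment above, as an added example that is not KWin's or KWayland's code: resolve the client's running binary through its own mount namespace (/proc/PID/root) and compare it by file identity with the binary the desktop file's Exec= line resolves to, next to the basename-only comparison the patch's query performs. It uses plain POSIX calls and a raw pid rather than KWayland's ClientConnection; `findExecutable` is a simplified stand-in for QStandardPaths::findExecutable that searches only the directories passed to it (assumed to be kwin's trusted install prefix), and all names below are this example's own.

```cpp
// Added example (not KWin code): verify a Wayland client's identity by the
// file it is actually executing, not by the name of that file.
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <string>
#include <vector>

// The client's executable as the client sees it (/proc/PID/exe), prefixed with
// /proc/PID/root so the compositor can stat it even when the client runs in a
// container whose root filesystem differs from ours. Returns "" on failure or
// when the binary has been replaced since exec ("... (deleted)").
std::string clientExecutableViaRoot(pid_t pid) {
    const std::string procDir = "/proc/" + std::to_string(pid);
    char buf[4096];
    ssize_t n = readlink((procDir + "/exe").c_str(), buf, sizeof(buf) - 1);
    if (n <= 0) return "";
    buf[n] = '\0';
    const std::string target(buf);
    const std::string deleted = " (deleted)";
    if (target.size() > deleted.size() &&
        target.compare(target.size() - deleted.size(), deleted.size(), deleted) == 0)
        return "";
    return procDir + "/root" + target;
}

// Compare two paths by device and inode rather than as strings: this survives
// symlinks, bind mounts and the /proc/PID/root indirection.
bool sameFile(const std::string &a, const std::string &b) {
    struct stat sa, sb;
    if (stat(a.c_str(), &sa) != 0 || stat(b.c_str(), &sb) != 0) return false;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

// Simplified stand-in for QStandardPaths::findExecutable(): take the first
// token of the Exec= field and look it up in the given directories (assumed to
// be the trusted install prefix). Absolute Exec paths are accepted as-is if
// executable. Returns "" when nothing is found.
std::string findExecutable(const std::string &execField, const std::vector<std::string> &dirs) {
    const std::string name = execField.substr(0, execField.find(' '));
    if (name.empty()) return "";
    if (name[0] == '/') return access(name.c_str(), X_OK) == 0 ? name : "";
    for (const auto &d : dirs) {
        const std::string candidate = d + "/" + name;
        struct stat st;
        if (stat(candidate.c_str(), &st) == 0 && S_ISREG(st.st_mode) &&
            access(candidate.c_str(), X_OK) == 0)
            return candidate;
    }
    return "";
}

// The weak check the patch's trader query allows: basename of the client's
// path equals basename of Exec. A copy at /tmp/plasmashell passes this.
bool basenameMatches(const std::string &clientPath, const std::string &execField) {
    auto base = [](std::string p) {
        p = p.substr(0, p.find(' '));
        const auto slash = p.rfind('/');
        return slash == std::string::npos ? p : p.substr(slash + 1);
    };
    return base(clientPath) == base(execField);
}

// The stronger check: the file the client is executing, seen through its own
// root, must be the very file the desktop file's Exec resolves to.
bool clientMatchesDesktopFile(pid_t pid, const std::string &execField,
                              const std::vector<std::string> &dirs) {
    const std::string client = clientExecutableViaRoot(pid);
    const std::string trusted = findExecutable(execField, dirs);
    return !client.empty() && !trusted.empty() && sameFile(client, trusted);
}

int main() {
    // Demo on ourselves: our own pid resolved via /proc/PID/root must be the
    // same file as /proc/self/exe, while a /tmp copy only passes the name test.
    const std::string self = clientExecutableViaRoot(getpid());
    std::printf("self via root: %s (same as /proc/self/exe: %d)\n",
                self.c_str(), sameFile(self, "/proc/self/exe"));
    std::printf("basename-only check accepts /tmp/plasmashell: %d\n",
                basenameMatches("/tmp/plasmashell", "plasmashell --replace"));
    return 0;
}
```

The inode comparison is what closes the gap the review describes: a binary with the right name in the wrong place has a different inode from the one under the install prefix, and a client inside a container is still checked against the file it really mapped, because the stat goes through /proc/PID/root.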