Review Request 126102: [startkde] Move sourceing of env scripts to startplasma

David Edmundson david at davidedmundson.co.uk
Thu Nov 19 14:01:20 UTC 2015



> On Nov. 18, 2015, 2:40 p.m., David Edmundson wrote:
> > won't make a difference, SDDM sources a tonne before we get to you.
> 
> David Edmundson wrote:
>     more specifically:
>     
>     https://github.com/sddm/sddm/blob/master/data/scripts/wayland-session
>     
>     we also have anything loaded from pam_env which can include ~/.pam_environment depending on pam_env config.
> 
> Martin Gräßlin wrote:
>     that's not good. Is there a chance we can get this changed in sddm or is that needed?
> 
> David Edmundson wrote:
>     The top one, we can do.
>     
>     It will break some workflows (otherwise we wouldn't be sourcing them), but speaking purely technically that's possible.
>     
>     The second one:
>     Getting the env from pam is something we *need* to do, and on almost every distro that includes pam_env with it's hook to load user set things.
>     There is an option to pam_env to make it not load envs from the user dir, but that means every distro updating their pam files.
>     
>     On arch:
>     -required   pam_env.so
>     +required   pam_env.so user_env=0
>     
>     on the following files:
>     system-auth
>     system-login
>     
>     we can't change that from sddm.
> 
> Martin Gräßlin wrote:
>     I see, thanks for explaining. I'll discard this review request then. It's clearly not a solution.

Just thought of one other thing we need to consider (though is obviously solvable)

The formats KCM writes a small shell script (.config/plasma-locale-settings.sh ) that gets sourced on startkde.
You need this to get the right language. Otherwise it will randomly remove the letter "u" in words at random.


- David


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126102/#review88525
-----------------------------------------------------------


On Nov. 18, 2015, 3:36 p.m., Martin Gräßlin wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126102/
> -----------------------------------------------------------
> 
> (Updated Nov. 18, 2015, 3:36 p.m.)
> 
> 
> Review request for Plasma.
> 
> 
> Repository: plasma-workspace
> 
> 
> Description
> -------
> 
> This change makes sure that the environment scripts are not sourced
> before KWin is started. No user installed scripts are allowed to modify
> KWin's environment as that opens an attack vector.
> 
> For example any binary plugin loaded into KWin (be it QStyle, QPT plugin,
> etc.) is able to become a key logger. If the env variables were allowed
> to be sourced before KWin is started a malicious application run as user
> (e.g. exploiting browser vulnerability) would be able to install a key
> logger. Required steps:
> 1. install a malicious QStyle plugin somewhere in $HOME
> 2. place a script in env to adjust variables to load the QStyle plugin
> 
> This would be enough to have a key logger on next login.
> 
> Given that the startup of KWin must not be affected by any scripts
> owned by user prior to startup.
> 
> The env scripts are now sourced as first step of startplasma, so
> for applications in the session there is no difference.
> 
> 
> Diffs
> -----
> 
>   startkde/startplasma.cmake 8360a636d3f68c957a15158484360a611cfe3ff8 
>   startkde/startplasmacompositor.cmake 8b5db615142455fd360c66504fc5d5a7754a029c 
> 
> Diff: https://git.reviewboard.kde.org/r/126102/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Martin Gräßlin
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20151119/fb24c520/attachment-0001.html>


More information about the Plasma-devel mailing list