Review Request 126102: [startkde] Move sourceing of env scripts to startplasma
David Edmundson
david at davidedmundson.co.uk
Thu Nov 19 14:01:20 UTC 2015
> On Nov. 18, 2015, 2:40 p.m., David Edmundson wrote:
> > won't make a difference, SDDM sources a tonne before we get to you.
>
> David Edmundson wrote:
> more specifically:
>
> https://github.com/sddm/sddm/blob/master/data/scripts/wayland-session
>
> we also have anything loaded from pam_env which can include ~/.pam_environment depending on pam_env config.
>
> Martin Gräßlin wrote:
> that's not good. Is there a chance we can get this changed in sddm or is that needed?
>
> David Edmundson wrote:
> The top one, we can do.
>
> It will break some workflows (otherwise we wouldn't be sourcing them), but speaking purely technically that's possible.
>
> The second one:
> Getting the env from pam is something we *need* to do, and on almost every distro that includes pam_env with its hook to load user set things.
> There is an option to pam_env to make it not load envs from the user dir, but that means every distro updating their pam files.
>
> On arch:
> -required pam_env.so
> +required pam_env.so user_env=0
>
> on the following files:
> system-auth
> system-login
>
> we can't change that from sddm.
>
> Martin Gräßlin wrote:
> I see, thanks for explaining. I'll discard this review request then. It's clearly not a solution.
Just thought of one other thing we need to consider (though it is obviously solvable):
The formats KCM writes a small shell script (.config/plasma-locale-settings.sh) that gets sourced on startkde.
You need this to get the right language. Otherwise it will randomly remove the letter "u" in words at random.
- David
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126102/#review88525
-----------------------------------------------------------
On Nov. 18, 2015, 3:36 p.m., Martin Gräßlin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126102/
> -----------------------------------------------------------
>
> (Updated Nov. 18, 2015, 3:36 p.m.)
>
>
> Review request for Plasma.
>
>
> Repository: plasma-workspace
>
>
> Description
> -------
>
> This change makes sure that the environment scripts are not sourced
> before KWin is started. No user installed scripts are allowed to modify
> KWin's environment as that opens an attack vector.
>
> For example any binary plugin loaded into KWin (be it QStyle, QPA plugin,
> etc.) is able to become a key logger. If the env variables were allowed
> to be sourced before KWin is started, a malicious application run as user
> (e.g. exploiting a browser vulnerability) would be able to install a key
> logger. Required steps:
> 1. install a malicious QStyle plugin somewhere in $HOME
> 2. place a script in env to adjust variables to load the QStyle plugin
>
> This would be enough to have a key logger on next login.
>
> Given that, the startup of KWin must not be affected by any scripts
> owned by the user prior to startup.
>
> The env scripts are now sourced as the first step of startplasma, so
> for applications in the session there is no difference.
>
>
> Diffs
> -----
>
> startkde/startplasma.cmake 8360a636d3f68c957a15158484360a611cfe3ff8
> startkde/startplasmacompositor.cmake 8b5db615142455fd360c66504fc5d5a7754a029c
>
> Diff: https://git.reviewboard.kde.org/r/126102/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Martin Gräßlin
>
>
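A defender-side check for the vector the review request describes, added here as an example (it is not code from the review request or from plasma-workspace): it audits a session process's environment, such as the compositor's `/proc/<pid>/environ`, for variables that would make Qt or the dynamic loader pull plugins from user-writable paths. The variable names checked (QT_PLUGIN_PATH, QT_QPA_PLATFORM_PLUGIN_PATH, LD_PRELOAD, LD_LIBRARY_PATH) and the `kwin_x11`/`kwin_wayland` process names are assumptions not taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the review request or plasma-workspace.
# Audits "VAR=VALUE" environment lines for variables that make Qt or the
# dynamic loader load code from paths under the user's home directory,
# which is what a malicious QStyle plugin placed in $HOME needs.
# The variable names below are an assumption (Qt/glibc documentation);
# the review request only speaks of "env variables".
set -f   # no globbing while splitting PATH-like values on ':'

# audit_env HOME_DIR  <  "VAR=VALUE" lines (e.g. from /proc/PID/environ)
# Prints one RISK line per offending path; returns 1 if any were found.
audit_env() {
    home=$1
    found=0
    while IFS= read -r line; do
        case $line in
            QT_PLUGIN_PATH=*|QT_QPA_PLATFORM_PLUGIN_PATH=*|LD_PRELOAD=*|LD_LIBRARY_PATH=*)
                name=${line%%=*}
                value=${line#*=}
                oldifs=$IFS
                IFS=': '          # LD_PRELOAD may be space- or colon-separated
                set -- $value
                IFS=$oldifs
                for p; do
                    case $p in
                        "$home"|"$home"/*)
                            printf 'RISK: %s loads from user-writable path %s\n' "$name" "$p"
                            found=1 ;;
                    esac
                done ;;
        esac
    done
    return $found
}

# audit_environ_file /proc/PID/environ HOME_DIR
# /proc/PID/environ is NUL-separated; convert it to one variable per line.
audit_environ_file() {
    tr '\0' '\n' < "$1" | audit_env "$2"
}

# Stand-alone use: ./audit.sh --live checks the current user's running compositor
# (process names assumed to be kwin_x11 or kwin_wayland).
if [ "${1-}" = "--live" ]; then
    pid=$(pgrep -n -u "$(id -u)" -x kwin_x11 || pgrep -n -u "$(id -u)" -x kwin_wayland)
    audit_environ_file "/proc/$pid/environ" "$HOME"
fi
```

A clean result for KWin only shows that the compositor's own environment is clean; as the thread notes, SDDM and pam_env may still have sourced user-controlled files before KWin started.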