[Differential] [Commented On] D797: Require user to authenticate when trying to change lock screen settings
davidedmundson (David Edmundson)
noreply at phabricator.kde.org
Tue Jan 12 18:27:52 UTC 2016
davidedmundson added a comment.
In fact with this, you can now never remove a user. That's definitely a blocker
> When set, prevents, even the superuser, from erasing or changing the contents of the file.
INLINE COMMENTS
auth-helper/kscreenlockerauthhelper.cpp:94 Unintuitively, you're better off opening the file before you do the security checks.
Otherwise we have a race condition where I can launch this action and then swap the file for a symlink. With a scripted million attempts, it might work.
REPOSITORY
rKSCREENLOCKER KScreenLocker
REVISION DETAIL
https://phabricator.kde.org/D797
EMAIL PREFERENCES
https://phabricator.kde.org/settings/panel/emailpreferences/
To: graesslin, bshah, colomar, davidedmundson
Cc: plasma-devel
More information about the Plasma-devel
mailing list