[Differential] [Commented On] D797: Require user to authenticate when trying to change lock screen settings
graesslin (Martin Gräßlin)
noreply at phabricator.kde.org
Wed Jan 13 07:03:33 UTC 2016
graesslin added a comment.
I disagree on the point that if a malicious process is already running the lock screen is the least to worry about. It's one of the items to worry about and I'm trying to fix them all. It's just the first I picked.
Why is this one important: because it doesn't need a malicious process. It just needs access to the file system, you don't need to run a program. How to get access to the file system: drive-by download vulnerability is enough. So yeah that's something we need to fix.
I'm fine with moving the config to /etc, I thought it's particular good to leave it on /home, but I understand the backup/restore problem.
REPOSITORY
rKSCREENLOCKER KScreenLocker
REVISION DETAIL
https://phabricator.kde.org/D797
EMAIL PREFERENCES
https://phabricator.kde.org/settings/panel/emailpreferences/
To: graesslin, bshah, davidedmundson, colomar
Cc: mak, plasma-devel
More information about the Plasma-devel
mailing list