[Differential] [Commented On] D797: Require user to authenticate when trying to change lock screen settings
ahartmetz (Andreas Hartmetz)
noreply at phabricator.kde.org
Mon Jan 25 18:37:07 UTC 2016
ahartmetz added a comment.
A good rule is that if you want to protect against a security issue, you must first explain why the user is not already screwed.
If a malicious app is running and can disable the screen locker (or not), the security state transition is from "the user is completely screwed" to "the user is completely screwed". If you have a rogue process running, it has almost infinite ways to grab the user's information and whatnot. Disabling the screen locker is not the problem at that point.
REPOSITORY
rKSCREENLOCKER KScreenLocker
REVISION DETAIL
https://phabricator.kde.org/D797
To: graesslin, bshah, davidedmundson, colomar
Cc: ahartmetz, mak, plasma-devel