[Differential] [Request, 41 lines] D4753: [kcheckpass] Drop the throttle handling code
Martin Gräßlin
noreply at phabricator.kde.org
Fri Feb 24 06:00:04 UTC 2017
graesslin created this revision.
Restricted Application added a project: Plasma.
Restricted Application added a subscriber: plasma-devel.
REVISION SUMMARY
Kcheckpass has code to throttle the invocation to prevent brute force
attack. This code has been broken for years and is never executed.
The condition to go into the throttle path is if the effective uid
doesn't match the uid, that is kcheckpass is a setuid application.
But for a few years now kcheckpass is no longer a setuid (at least
when built with PAM).
Given that I don't think it makes sense to still have this code
around. We don't know whether it works and kcheckpass is only to be
invoked from kscreenlocker_greet anyway.
REPOSITORY
R133 KScreenLocker
BRANCH
kcheckpass-no-throttle
REVISION DETAIL
https://phabricator.kde.org/D4753
AFFECTED FILES
kcheckpass/kcheckpass.c
EMAIL PREFERENCES
https://phabricator.kde.org/settings/panel/emailpreferences/
To: graesslin, #plasma
Cc: plasma-devel, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20170224/a2ac9176/attachment.html>
More information about the Plasma-devel
mailing list