D5029: Use seccomp for implementing a sandbox for kscreenlocker_greet
Martin Gräßlin
noreply at phabricator.kde.org
Sun Mar 12 16:48:23 UTC 2017
graesslin added inline comments.
INLINE COMMENTS
> broulik wrote in seccomp_test.cpp:95
> set `QNetworkRequest::FollowRedirectsAttribute` or else Ben will get angry
The point of this test is that the call doesn't work. See line 101. The seccomp filter disallows network access. No matter whether I use FollowRedirectsAttribute or not: kde.org will never see the request.
And if not and Ben gets angry: even better, than we have a human auto test ;-)
> broulik wrote in greeterapp.cpp:148
> Might lead to an unreachable code warning?
why should it? The code looks quite reachable to me. If kcheckpass is setuid it uses the code from line 151.
REVISION DETAIL
https://phabricator.kde.org/D5029
To: graesslin, #plasma
Cc: broulik, plasma-devel, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20170312/d4de72e3/attachment-0001.html>
More information about the Plasma-devel
mailing list