D5029: Use seccomp for implementing a sandbox for kscreenlocker_greet
Kai Uwe Broulik
noreply at phabricator.kde.org
Sun Mar 12 17:32:57 UTC 2017
broulik added inline comments.
INLINE COMMENTS
> graesslin wrote in seccomp_test.cpp:95
> The point of this test is that the call doesn't work. See line 101. The seccomp filter disallows network access. No matter whether I use FollowRedirectsAttribute or not: kde.org will never see the request.
>
> And if not and Ben gets angry: even better, than we have a human auto test ;-)
It might fail because KDE CI infrastructure does a redirect we don't follow instead of failing because we actually restricted it.
> graesslin wrote in greeterapp.cpp:148
> why should it? The code looks quite reachable to me. If kcheckpass is setuid it uses the code from line 151.
Yeah but it will lead to code in the form of
return new Authenticator(Authenticator::AuthenticationMode::Delayed, this);
return new Authenticator(Authenticator::AuthenticationMode::Direct, this);
the latter being unreachable. Just being picky here, though, feel free to ignore.
REVISION DETAIL
https://phabricator.kde.org/D5029
To: graesslin, #plasma
Cc: broulik, plasma-devel, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20170312/584b7bc4/attachment.html>
More information about the Plasma-devel
mailing list