D8756: Forbid more syscalls which could modify the filesystem
David Kahles
noreply at phabricator.kde.org
Sat Nov 11 07:18:08 UTC 2017
davidk created this revision.
Restricted Application added a project: Plasma.
Restricted Application added a subscriber: plasma-devel.
REVISION SUMMARY
Forbid more syscalls. A malicious theme could create directories with the
password as name, or encode the password in chmod bits. Also, prevent
deleting anything, so a theme can't delete the user's files.
TEST PLAN
- Autotests run fine
- Started screenlocker, unlocked, created a new session. Got no seccomp violations in dmesg and everything worked fine.
- Didn't test it with the nvidia driver
REPOSITORY
R133 KScreenLocker
BRANCH
seccomp
REVISION DETAIL
https://phabricator.kde.org/D8756
AFFECTED FILES
greeter/autotests/seccomp_test.cpp
greeter/seccomp_filter.cpp
To: davidk
Cc: plasma-devel, ZrenBot, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart
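
The kind of filter the revision summary describes, as an added example that is not the KScreenLocker patch: a seccomp BPF deny-list that makes directory creation, mode changes and deletion fail with EPERM, checked from a forked child. The syscall list, the EPERM action, the function names and the probe path are assumptions; the revision's own list is not shown in this message.

```c
/* Added example, not KScreenLocker's code: deny-list seccomp filter (raw BPF). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* If the loaded syscall number equals nr, fail the call with EPERM. */
#define DENY(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Assumed syscall list (the revision's actual list is not on this page).
 * A production filter must also check seccomp_data.arch before matching. */
static int install_fs_modify_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY(__NR_mkdirat), DENY(__NR_fchmodat), DENY(__NR_fchmod), DENY(__NR_unlinkat),
#ifdef __NR_mkdir   /* legacy entry points, absent on e.g. aarch64 */
        DENY(__NR_mkdir), DENY(__NR_chmod), DENY(__NR_unlink), DENY(__NR_rmdir),
#endif
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { (unsigned short)(sizeof(prog) / sizeof(prog[0])), prog };
    /* NO_NEW_PRIVS lets an unprivileged process install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Fork a child, sandbox it, try mkdirat(); return the errno the child saw
 * (0 if the mkdir succeeded, -1 if the filter could not be installed). */
static int mkdir_errno_under_filter(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_fs_modify_filter() != 0) _exit(255);
        _exit(syscall(__NR_mkdirat, AT_FDCWD, path, 0700) == 0 ? 0 : errno);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void) { return mkdir_errno_under_filter("/tmp/seccomp-probe-constructed") == EPERM ? 0 : 1; }
```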