On Sunday 30 March 2014 15:36:29 Thiago Macieira wrote: > Em seg 31 mar 2014, às 00:01:13, Thomas Lübking escreveu: > > > If they can gain access to a TTY login we are already screwed > > > > leaving aside the present issue (/MainApplication quit being exposed > > to dbus) and given ptrace (gdb solution) is denied: in how far? > > (beyond killing the session, ie. being a nasty little jerk > > They can already access all of the other applications and the user's > files.
Exactly. And that's why I agree with the people who argue in favor of unlocking the session via DBus. AFAIU the threat model which not providing this feature protects against is that some user locks his KDE session, but forgets to also lock some other local or remote session. IMHO this is a ridiculous threat model. There are so many possible attack vectors if an attacker has full access to the user's files that it doesn't really make any sense to try to protect some other session from the attacker. (In the past, I have already locked my KDE session, but left a TTY session unlocked. Doh! But I also had to kill the screen locker several times to re-gain access to my KDE session because for some reason the screen locker didn't let me unlock the session anymore. So, I've been in both situations and I definitely prefer to have the ability to unlock the KDE session via DBus.) Just my 2 cents. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
