> On Nov. 18, 2015, 3:57 p.m., Matthias Klumpp wrote:
> > I just wanted to write what David wrote ;-)
> > Maybe a way to resolve this is to filter environment variables in KWin or
> > before starting KWin, so anything pointing to directories in $HOME gets
> > stripped away (unsetting LD_* variables might also be part of that).

Well, those are many possible variables, and it might be a terrible catch-up game with any new variable Qt includes. It at least would affect:
- LD_LIBRARY_PATH
- QT_PLUGIN_PATH
- PATH
- LD_PRELOAD (see general LD_PRELOAD Wayland keylogger hack)
- some QML variables which I don't know right now
- anything else I don't remember right now
- any aliases (one could do alias kwin_wayland="something evil")
- any bash functions.

Ideally there just shouldn't be any scripts sourced before kwin gets started.

- Martin


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126102/#review88528
-----------------------------------------------------------


On Nov. 18, 2015, 9:18 a.m., Martin Gräßlin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126102/
> -----------------------------------------------------------
>
> (Updated Nov. 18, 2015, 9:18 a.m.)
>
>
> Review request for Plasma.
>
>
> Repository: plasma-workspace
>
>
> Description
> -------
>
> This change makes sure that the environment scripts are not sourced
> before KWin is started. No user installed scripts are allowed to modify
> KWin's environment as that opens an attack vector.
>
> For example any binary plugin loaded into KWin (be it QStyle, QPT plugin,
> etc.) is able to become a key logger. If the env variables were allowed
> to be sourced before KWin is started a malicious application run as user
> (e.g. exploiting browser vulnerability) would be able to install a key
> logger. Required steps:
> 1. install a malicious QStyle plugin somewhere in $HOME
> 2. place a script in env to adjust variables to load the QStyle plugin
>
> This would be enough to have a key logger on next login.
>
> Given that, the startup of KWin must not be affected by any scripts
> owned by user prior to startup.
>
> The env scripts are now sourced as first step of startplasma, so
> for applications in the session there is no difference.
>
>
> Diffs
> -----
>
>   startkde/startplasma.cmake 8360a636d3f68c957a15158484360a611cfe3ff8
>   startkde/startplasmacompositor.cmake 8b5db615142455fd360c66504fc5d5a7754a029c
>
> Diff: https://git.reviewboard.kde.org/r/126102/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Martin Gräßlin
>
>
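
Added example, not part of the thread or of the Plasma patch: the two approaches discussed above, side by side in shell. audit_env applies a denylist of the variables named in the reply, and run_clean starts a command from an empty environment with an allowlist; the function names, the allowlist contents and FUTURE_QT_VAR are assumptions, and neither function covers aliases or shell functions defined by sourced scripts.

```shell
#!/bin/sh
# Added example; function names and the allowlist are assumptions,
# not taken from startplasma or KWin.

# Variables named in the reply. A denylist only knows what is listed here.
DENYLIST="LD_LIBRARY_PATH QT_PLUGIN_PATH PATH LD_PRELOAD"

# audit_env HOME_DIR
# Print NAME=VALUE for every denylisted variable that has an entry equal to
# or below HOME_DIR. The body runs in a subshell so that IFS and set -f do
# not leak into the caller.
audit_env() (
    home=$1
    set -f                            # no globbing while splitting values
    for name in $DENYLIST; do
        IFS=': '                      # LD_PRELOAD may use spaces or colons
        eval "value=\${$name-}"
        for part in $value; do
            case $part in
                "$home"|"$home"/*) echo "$name=$value"; break ;;
            esac
        done
    done
)

# run_clean COMMAND [ARGS...]
# Allowlist approach: start COMMAND from an empty environment and pass only
# fixed system values plus the few variables the session needs (assumed set).
run_clean() {
    env -i PATH=/usr/bin:/bin HOME="${HOME-}" \
        XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR-}" "$@"
}

# Constructed usage:
#   QT_PLUGIN_PATH=/home/alice/.plugins audit_env /home/alice   (reported)
#   FUTURE_QT_VAR=/home/alice/.x audit_env /home/alice          (not reported)
#   run_clean env                                               (neither is passed on)
```

A variable that is missing from DENYLIST passes audit_env unnoticed, which is the catch-up problem raised in the reply; run_clean drops it because it was never on the allowlist.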