[policykit-kde-agent-1] [Bug 498957] [CVE-2024-37408] Security attention for fingerprint

David Edmundson Tue, 21 Jan 2025 07:11:24 -0800

https://bugs.kde.org/show_bug.cgi?id=498957


David Edmundson <k...@davidedmundson.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
                 CC|                            |k...@davidedmundson.co.uk
             Status|REPORTED                    |CONFIRMED

--- Comment #2 from David Edmundson <k...@davidedmundson.co.uk> ---
Bug report is valid.  Arguably if you have executable code that can launch
pkexec and manipulate window stacking order one could do a tonne of other
attacks anyway so not more urgent than the known state, but the known state
isn't exactly great.

Ultimately we need to be treating this auth dialog to be a fully blocking
system component, like how the lockscreen works.

-- 
You are receiving this mail because:
You are watching all bug changes.

[policykit-kde-agent-1] [Bug 498957] [CVE-2024-37408] Security attention for fingerprint

Reply via email to