https://bugs.kde.org/show_bug.cgi?id=395419
Ardith Metz <itgvk...@grr.la> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Resolution|UPSTREAM |---
Status|RESOLVED |REOPENED
--- Comment #5 from Ardith Metz <itgvk...@grr.la> ---
(In reply to Martin Flöser from comment #1)
> Please report to X developers. They should use sane and secure defaults.
This is the upstream answer in related case[1]:
"However, if the Wayland compositor enables IP, and you think that is a
mistake, then you should report that to the Wayland compositor project in
question."
Moreover I'm able to override standalone xserver/xwayland defaults but I'm not
able to override kwin/xwayland defaults. That's why I think this issue belongs
to kde devs. At least if they care about security.
Currently kwin starts xwayland as:
/usr/bin/Xwayland -displayfd xx --rootless --wm xx
To fix this issue it should start it as:
/usr/bin/Xwayland -nolisten tcp -displayfd xx --rootless --wm xx
[1] https://bugs.freedesktop.org/show_bug.cgi?id=106573#c2
BTW: I have reports from people who can reproduce this.
--
You are receiving this mail because:
You are watching all bug changes.
