> On Nov. 18, 2015, 3:40 p.m., David Edmundson wrote:
> > won't make a difference, SDDM sources a tonne before we get to you.
>
> David Edmundson wrote:
>     more specifically:
>
>     https://github.com/sddm/sddm/blob/master/data/scripts/wayland-session
>
>     we also have anything loaded from pam_env which can include
>     ~/.pam_environment depending on pam_env config.
>
> Martin Gräßlin wrote:
>     that's not good. Is there a chance we can get this changed in sddm or is
>     that needed?
>
> David Edmundson wrote:
>     The top one, we can do.
>
>     It will break some workflows (otherwise we wouldn't be sourcing them),
>     but speaking purely technically that's possible.
>
>     The second one:
>     Getting the env from pam is something we *need* to do, and on almost
>     every distro that includes pam_env with its hook to load user set things.
>     There is an option to pam_env to make it not load envs from the user dir,
>     but that means every distro updating their pam files.
>
>     On arch:
>     -required pam_env.so
>     +required pam_env.so user_env=0
>
>     on the following files:
>     system-auth
>     system-login
>
>     we can't change that from sddm.
>
> Martin Gräßlin wrote:
>     I see, thanks for explaining. I'll discard this review request then. It's
>     clearly not a solution.
>
> David Edmundson wrote:
>     Just thought of one other thing we need to consider (though is obviously
>     solvable)
>
>     The formats KCM writes a small shell script
>     (.config/plasma-locale-settings.sh) that gets sourced on startkde.
>     You need this to get the right language. Otherwise it will randomly
>     remove the letter "u" in words at random.
ah yeah, that one was already sourced :-(

- Martin


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126102/#review88525
-----------------------------------------------------------


On Nov. 18, 2015, 4:36 p.m., Martin Gräßlin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126102/
> -----------------------------------------------------------
>
> (Updated Nov. 18, 2015, 4:36 p.m.)
>
>
> Review request for Plasma.
>
>
> Repository: plasma-workspace
>
>
> Description
> -------
>
> This change makes sure that the environment scripts are not sourced
> before KWin is started. No user installed scripts are allowed to modify
> KWin's environment as that opens an attack vector.
>
> For example any binary plugin loaded into KWin (be it QStyle, QPT plugin,
> etc.) is able to become a key logger. If the env variables were allowed
> to be sourced before KWin is started a malicious application run as user
> (e.g. exploiting browser vulnerability) would be able to install a key
> logger. Required steps:
> 1. install a malicious QStyle plugin somewhere in $HOME
> 2. place a script in env to adjust variables to load the QStyle plugin
>
> This would be enough to have a key logger on next login.
>
> Given that the startup of KWin must not be affected by any scripts
> owned by user prior to startup.
>
> The env scripts are now sourced as first step of startplasma, so
> for applications in the session there is no difference.
>
>
> Diffs
> -----
>
>   startkde/startplasma.cmake 8360a636d3f68c957a15158484360a611cfe3ff8
>   startkde/startplasmacompositor.cmake 8b5db615142455fd360c66504fc5d5a7754a029c
>
> Diff: https://git.reviewboard.kde.org/r/126102/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Martin Gräßlin
>
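The review request above argues for an ordering rule: the compositor must be started before any user-owned env script is sourced, and only later session applications should see what those scripts export. The shell script below is an added example of that rule and is not code from plasma-workspace, sddm or the change under review. It replaces kwin with a shell function, and the list of loader-affecting variables, the temporary directory layout and the contents of the constructed `plugins.sh` are assumptions made for the demonstration; the "old order" and "fixed order" functions are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of the plasma-workspace change under review.
# Models the startup ordering the review request describes: the compositor
# is launched with an environment that user-writable scripts have not
# touched, and per-user env scripts are sourced only afterwards.

# Environment variables that change which shared objects a Qt process
# loads (assumed list, enough to show the idea).
LOADER_VARS="LD_PRELOAD QT_PLUGIN_PATH QT_STYLE_OVERRIDE QT_QPA_PLATFORM_PLUGIN_PATH"

# tainted_env: print each loader-affecting variable that is currently set.
# Returns 0 (true) if at least one was found, 1 if the environment is clean.
tainted_env() {
    found=1
    for v in $LOADER_VARS; do
        eval "val=\${$v:-}"          # $v comes only from the fixed list above
        if [ -n "$val" ]; then
            echo "$v"
            found=0
        fi
    done
    return $found
}

# source_env_scripts DIR: source every *.sh in DIR into the current shell,
# which is what the session startup does with user-owned env scripts.
source_env_scripts() {
    for f in "$1"/*.sh; do
        [ -r "$f" ] && . "$f"
    done
    return 0
}

# start_compositor: stand-in for launching kwin (hypothetical). It refuses
# to run if any loader-affecting variable is already set, because nothing
# user-writable may shape the compositor's environment.
start_compositor() {
    if tainted_env >/dev/null; then
        echo "compositor: refusing to start, environment already modified" >&2
        return 1
    fi
    echo "compositor: started with clean environment"
}

# Old order: user env scripts first, then the compositor.
session_old_order() {
    source_env_scripts "$1"
    start_compositor
}

# Fixed order (what the change under review does): compositor first, user
# env scripts afterwards, so only later session applications see them.
session_fixed_order() {
    start_compositor || return 1
    source_env_scripts "$1"
}

# make_env_dir: create a constructed env script directory with one
# user-owned script that points Qt at a plugin directory under $HOME.
# Prints the directory path.
make_env_dir() {
    dir="${TMPDIR:-/tmp}/env-order-demo.$$"
    mkdir -p "$dir/env"
    cat > "$dir/env/plugins.sh" <<'EOF'
export QT_PLUGIN_PATH="$HOME/.local/share/untrusted-plugins"
EOF
    echo "$dir/env"
}

# Run both orders in subshells so neither leaks variables into this shell.
demo() {
    envdir=$(make_env_dir)
    echo "--- old order ---"
    ( unset $LOADER_VARS; session_old_order "$envdir" ) || echo "old order: compositor did not start"
    echo "--- fixed order ---"
    ( unset $LOADER_VARS; session_fixed_order "$envdir" && echo "session apps see QT_PLUGIN_PATH=$QT_PLUGIN_PATH" )
    rm -rf "${envdir%/env}"
}

demo
```

In the old order the constructed script has already exported `QT_PLUGIN_PATH` when the compositor starts, so the check refuses; in the fixed order the compositor starts with a clean environment and the variable is only visible to what runs after it. The `tainted_env` check is the part a real startup script would keep: it makes the ordering assumption explicit rather than relying on nothing having been sourced earlier, which, as the thread notes, sddm and pam_env do not guarantee.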
_______________________________________________
Plasma-devel mailing list
Plasma-devel@kde.org
https://mail.kde.org/mailman/listinfo/plasma-devel