mak added a subscriber: mak.
mak added a comment.

In https://phabricator.kde.org/D797#15210, @davidedmundson wrote:

> This breaks every user's backup script by having root files in the user's
> home. So I am very much not happy with this idea at all.
> Especially as it achieves very little anyway, if you have a malicious app on
> your system - why on Earth does it want to modify your lock screen settings
> when it has access to everything the user has already?
>
> We want to sandbox apps that might misbehave from the user, not elevate user
> processes above the user.

I must agree with David on this, generally having root own files in /home is a terrible idea.

One solution that might work is to move the whole configuration file out of home and into `/etc/kde/plasma-screenlocker/<username-or-uid>/config` and have the KCM write to that file and have the screenlocker read information from there. It's still a hack, but I think it's a better one than having root fiddle with stuff in /home.

On the general use case, I think it really adds just marginal additional security, and personally I would ignore this particular attack vector with the same reasoning @davidedmundson already outlined. On the other hand though, every bit of additional security might be a good thing, and a fully-sandboxed world won't happen on the Linux desktop within the next years, so if a good solution can be found, we should use it.

REPOSITORY
  rKSCREENLOCKER KScreenLocker

REVISION DETAIL
  https://phabricator.kde.org/D797

To: graesslin, bshah, colomar, davidedmundson
Cc: mak, plasma-devel