graesslin created this revision. Restricted Application added a project: Plasma. Restricted Application added a subscriber: plasma-devel.
REVISION SUMMARY
  Kcheckpass has code to throttle the invocation to prevent brute-force attacks. This code has been broken for years and is never executed. The condition to go into the throttle path is if the effective uid doesn't match the uid, that is, kcheckpass is a setuid application. But for a few years now kcheckpass is no longer setuid (at least when built with PAM).

  Given that, I don't think it makes sense to still have this code around. We don't know whether it works, and kcheckpass is only to be invoked from kscreenlocker_greet anyway.

REPOSITORY
  R133 KScreenLocker

BRANCH
  kcheckpass-no-throttle

REVISION DETAIL
  https://phabricator.kde.org/D4753

AFFECTED FILES
  kcheckpass/kcheckpass.c

EMAIL PREFERENCES
  https://phabricator.kde.org/settings/panel/emailpreferences/

To: graesslin, #plasma
Cc: plasma-devel, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol