What | Removed | Added |
---|---|---|
CC | sor.alexei@meowr.ru |
(In reply to Matthias Gerstner from comment #3) > The D-Bus interface is rather small but strangely completely unauthenticated. > It allows all local users (included nobody et al) to e.g. lock an active > session or switch between sessions. Also the creation of a session seems in > reach, however in my tests it failed for some reason that I don't fully > understand. > > Maybe we can configure something in our packaging that leaves less attack > surface there ... CC'ing maintainer