[Bug 794705] AUDIT-0: Request review of package lightdm-kde-greeter in repo KDE:Distro:Factory
https://bugzilla.novell.com/show_bug.cgi?id=794705

https://bugzilla.novell.com/show_bug.cgi?id=794705#c5

--- Comment #5 from Sebastian Krahmer <krahmer@suse.com> 2013-06-04 03:04:15 UTC ---

I cannot see that it exposes any DBUS services, it seems to be somehow started as a plugin (probably by some other DBUS service) and just checks for org.kde.kcontrol.kcmlightdm.save. As this is auth_admin_keep, it can get that polkit permission.

However the greeter itself seems to be vulnerable to a race condition:

    void GreeterWindow::screenshot()
    {
        QPixmap pix = QPixmap::grabWindow(winId());
        QString path = QDir::temp().absoluteFilePath("lightdm-kde-greeter-screenshot.png");
        bool ok = pix.save(path);
        if (ok) {
            kDebug() << "Saved screenshot as" << path;
        } else {
            kWarning() << "Failed to save screenshot as" << path;
        }
    }

Looks like you can smash arbitrary files with this (Ctrl+Alt+S for screendump), depending on how safely QPixmap handles its files, but I doubt it's secure.
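The fixed-name temp file pattern flagged in the comment above, next to two hardened ways of creating the file, as an added example that is not part of the original report or the lightdm-kde-greeter code. It models the file creation with plain POSIX open() and makes no claim about how QPixmap::save() opens files; all function names and the scratch-directory fixture are hypothetical.

```cpp
// Added example: helper names are hypothetical; plain POSIX calls, no Qt.
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <string>

static const char *kName = "/lightdm-kde-greeter-screenshot.png";
// Pattern from the comment: fixed name, no O_EXCL. open() follows a symlink
// that is already sitting at the path and truncates whatever it points to.
int open_predictable(const std::string &dir) {
    return open((dir + kName).c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

// Hardened: O_CREAT|O_EXCL fails (EEXIST) if the name exists, even as a symlink.
int open_exclusive(const std::string &dir) {
    return open((dir + kName).c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

// Hardened: mkstemp() picks an unpredictable name, created with O_EXCL and mode 0600.
int open_unique(const std::string &dir, std::string *out_path) {
    std::string tmpl = dir + "/greeter-screenshot-XXXXXX";
    int fd = mkstemp(&tmpl[0]);
    if (fd >= 0) *out_path = tmpl;
    return fd;
}

// Constructed fixture: private scratch dir, 5-byte "victim" file, symlink at kName.
std::string make_fixture() {
    char dir[] = "/tmp/tmprace-demo-XXXXXX";
    if (!mkdtemp(dir)) return "";
    std::string d(dir), victim = d + "/victim";
    int fd = open(victim.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data\n", 5) != 5 || close(fd) != 0) return "";
    return symlink(victim.c_str(), (d + kName).c_str()) == 0 ? d : "";
}

off_t file_size(const std::string &p) {
    struct stat st;
    return stat(p.c_str(), &st) == 0 ? st.st_size : -1;
}

int main() {
    std::string d = make_fixture(), u;
    if (d.empty()) return 1;
    int excl = open_exclusive(d), uniq = open_unique(d, &u);
    printf("exclusive=%d unique=%d (%s) victim=%ld bytes\n", excl, uniq, u.c_str(), (long)file_size(d + "/victim"));
    return (excl < 0 && uniq >= 0) ? 0 : 1;
}
```

With the symlink already in place, the exclusive open is refused and the victim file keeps its 5 bytes, while the predictable open succeeds and leaves it empty.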