Mailinglist Archive: opensuse-bugs (2746 mails)

< Previous Next >
[Bug 794705] AUDIT-0: Request review of package lightdm-kde-greeter in repo KDE:Distro:Factory

--- Comment #5 from Sebastian Krahmer <krahmer@xxxxxxxx> 2013-06-04 03:04:15
UTC ---
I cannot see that it exposes any DBUS services, it seems to
be somehow started as plugin (probably by some other DBUS
service) and just checks for

As this is auth_admin_keep, it can get that polkit permission.

However the greeter itself seems to be vulnerable to race condition:

void GreeterWindow::screenshot()
QPixmap pix = QPixmap::grabWindow(winId());

QString path =
bool ok =;
if (ok) {
kDebug() << "Saved screenshot as" << path;
} else {
kWarning() << "Failed to save screenshot as" << path;

looks like you can smash arbitrary files with this
(Ctrl+Alt+S for screendump), depending on how safe QPixmap handles
its files, but I doubt its secure.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >