Mailinglist Archive: opensuse-bugs (2746 mails)

[Bug 794705] AUDIT-0: Request review of package lightdm-kde-greeter in repo KDE:Distro:Factory

https://bugzilla.novell.com/show_bug.cgi?id=794705

https://bugzilla.novell.com/show_bug.cgi?id=794705#c5


--- Comment #5 from Sebastian Krahmer <krahmer@xxxxxxxx> 2013-06-04 03:04:15 UTC ---
I cannot see that it exposes any DBUS services, it seems to
be somehow started as a plugin (probably by some other DBUS
service) and just checks for org.kde.kcontrol.kcmlightdm.save.

As this is auth_admin_keep, it can get that polkit permission.

However, the greeter itself seems to be vulnerable to a race condition:

    void GreeterWindow::screenshot()
    {
        QPixmap pix = QPixmap::grabWindow(winId());

        QString path = QDir::temp().absoluteFilePath("lightdm-kde-greeter-screenshot.png");
        bool ok = pix.save(path);
        if (ok) {
            kDebug() << "Saved screenshot as" << path;
        } else {
            kWarning() << "Failed to save screenshot as" << path;
        }
    }


Looks like you can smash arbitrary files with this
(Ctrl+Alt+S for screendump), depending on how safely QPixmap handles
its files, but I doubt it's secure.

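Added example, not part of the original comment and not lightdm-kde-greeter code: a POSIX-only contrast between a create-or-truncate write to a fixed name in a shared directory and an exclusive create that refuses any entry already present at that name. The function names, and the modelling of a plain save-by-name as open() with O_CREAT|O_TRUNC, are assumptions; no Qt is used.

```cpp
// Added example (assumed names, POSIX only, no Qt).
#include <cerrno>
#include <string>
#include <fcntl.h>
#include <unistd.h>

// Writes all of `data` to fd; returns false on a write error.
static bool write_all(int fd, const std::string &data) {
    size_t off = 0;
    while (off < data.size()) {
        ssize_t n = ::write(fd, data.data() + off, data.size() - off);
        if (n < 0) {
            if (errno == EINTR) continue;
            return false;
        }
        off += static_cast<size_t>(n);
    }
    return true;
}

// Assumed model of a plain save-by-name: create or truncate whatever the
// path resolves to. A symlink already present at `path` is followed.
bool naive_save(const std::string &path, const std::string &data) {
    int fd = ::open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return false;
    bool ok = write_all(fd, data);
    return (::close(fd) == 0) && ok;
}

// Hardened: the file must be created by this very call. O_CREAT|O_EXCL
// fails with EEXIST if anything, even a dangling symlink, is already there.
// Returns 0 on success, otherwise the errno value of the failure.
int exclusive_save(const std::string &path, const std::string &data) {
    int fd = ::open(path.c_str(),
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return errno;
    bool ok = write_all(fd, data);
    int err = ok ? 0 : errno;
    if (::close(fd) != 0 && err == 0) err = errno;
    if (err != 0) ::unlink(path.c_str());  // do not leave a partial file
    return err;
}
```

On EEXIST the caller should report the failure or pick a fresh unpredictable name (for example via mkstemp()), not remove the existing entry and retry.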
