https://bugs.kde.org/show_bug.cgi?id=314989
--- Comment #35 from Martin Gräßlin <mgraess...@kde.org> --- (In reply to Luke-Jr from comment #34) > Don't applications need user privileges to call dbus commands in the first > place? If they have dbus access, they can access anything else already, so what? What does an insecurity in another area say that we should make the lock screen insecure? > or > even ptrace ksmserver to shut it off the hard way. No? Good point: ksmserver needs ptrace protection like it's already the case in kwin_wayland (which holds the lockscreen in the Wayland session). But again: a vulnerability in another area is not an argument to add a vulnerability in another area. We want to fix that mess. -- You are receiving this mail because: You are watching all bug changes.
