Unauthenticated user can modify the background in a widget-lock-screen

Reindl Harald h.reindl at thelounge.net
Sat Mar 16 22:30:27 UTC 2013



On 16.03.2013 23:21, Kevin Kofler wrote:
> Gilboa Davara wrote:
>> While testing 4.10/f17 I decided to try out the new lock screen.
>> The widget lock screen is indeed nice, but there's a major security issue:
>> An unauthenticated user can access the lock-screen setting and change the
>> background. (cashew->settings).
> 
> Changing the background is a "major security issue"?!

without testing it personally:

it can easily become one if you can open a file-dialog
in special circumstances - so to be safe the only allowed
action in the lockscreen should be entering the password

look at the news of the last few months from Samsung and
Apple Smartphones to bypass the lockscreen, that is what
i mean with "special circumstances"

there were so many tricky exploits which left my mouth
open with a "uhm how comes someone to THAT idea" that
i started to get very paranoid if it comes to security

