On Sun, Mar 17, 2013 at 12:21 AM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > Gilboa Davara wrote: >> While testing 4.10/f17 I decided to try out the new lock screen. >> The widget lock screen is indeed nice, but there's a major security issue: >> An unauthenticated user can access the lock-screen setting and change the >> background. (cashew->settings). > > Changing the background is a "major security issue"?! *Of-course* it is! Cashew -> settings -> add -> file dialog opens.... and you have complete (!) access to the machine's file system. > > I wonder whether adding ihatethecashew to the widget lock screen would work. > (I guess not, it needs to declare that it is safe for the lock screen to be > authorized.) Interesting idea. > > Kevin Kofler In-short, sounds like an upstream bug. I'll report it and post a link. - Gilboa _______________________________________________ kde mailing list kde@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
