On Sun, Mar 17, 2013 at 11:17 AM, Gilboa Davara <gilboad@xxxxxxxxx> wrote: > On Sun, Mar 17, 2013 at 12:21 AM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: >> Gilboa Davara wrote: >>> While testing 4.10/f17 I decided to try out the new lock screen. >>> The widget lock screen is indeed nice, but there's a major security issue: >>> An unauthenticated user can access the lock-screen setting and change the >>> background. (cashew->settings). >> >> Changing the background is a "major security issue"?! > > *Of-course* it is! > Cashew -> settings -> add -> file dialog opens.... and you have > complete (!) access to the machine's file system. > >> >> I wonder whether adding ihatethecashew to the widget lock screen would work. >> (I guess not, it needs to declare that it is safe for the lock screen to be >> authorized.) > > Interesting idea. > >> >> Kevin Kofler > > In-short, sounds like an upstream bug. > I'll report it and post a link. FYI https://bugs.kde.org/show_bug.cgi?id=316893 > > - Gilboa _______________________________________________ kde mailing list kde@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
