Forbid more syscalls which could modify the filesystem

Authored by davidk on Nov 11 2017, 7:10 AM.

Description

Forbid more syscalls which could modify the filesystem

Summary:
Forbid more syscalls. A malicious theme could create directories with the
password as name, or encode the password in chmod bits. Also, prevent
deleting anything, so a theme can't delete the user's files.

Test Plan:

  • Autotests run fine
  • Started screenlocker, unlocked, created a new session. Got no seccomp violations in dmesg and everything worked fine.
  • Didn't test it with the nvidia driver

Reviewers: graesslin

Reviewed By: graesslin

Subscribers: plasma-devel

Tags: Plasma

Differential Revision: https://phabricator.kde.org/D8756

Details