
Thread: A huge security flaw in KDE/Kubuntu!

  1. #1
    Join Date
    Jun 2009
    Beans
    132
    Distro
    Ubuntu 9.10 Karmic Koala

    A huge security flaw in KDE/Kubuntu!

    I got more or less shocked today while I was making an extra account for private use. This is where I'm going to work with very personal and private data about me and my work, so if I need to go away from the computer, I'll either lock the session or switch to my default account until I get back, especially if someone needs to access my computer for a short while.

    While either locking the screen/session, or switching between the accounts, normally you should see a completely black screen with only the password prompt window in the middle. This I remember from Gnome/Ubuntu.

    In KDE/Kubuntu, sometimes a bug hits the system so the screen of the session that you're about to log back into reveals the whole desktop in the background, and some corrupt graphics are shown around the login and password field. There's no problem logging back in again, but man, anyone can just give that a try, and even without a password, they'll get a perfect glance of the active desktop while the password is being prompted; this could reveal every open document on that desktop.

    I'm pretty sure that this is a bug in KDE/Kubuntu, since this is related to the KDE lockout/user switch session manager only. I actually did like KDE/Kubuntu a lot; until I discovered this flaw. I can live with bugs here and there, but this is actually a major security breach in a multiuser environment; at least if you care about and need your privacy.

    I've added this thread to the Kubuntu community, if anyone should be interested in what they have to say about this:
    http://kubuntuforums.net/forums/inde...opic=3107547.0

  2. #2
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: A huge security flaw in KDE/Kubuntu!

    Quote: Originally posted by viking_maniac
    I'm pretty sure that this is a bug in KDE/Kubuntu, since this is related to the KDE lockout/user switch session manager only. I actually did like KDE/Kubuntu a lot; until I discovered this flaw. I can live with bugs here and there, but this is actually a major security breach in a multiuser environment; at least if you care about and need your privacy.
    How about filing a bug report, then?

  3. #3
    Join Date
    Jan 2008
    Beans
    438

    Re: A huge security flaw in KDE/Kubuntu!

    I found a similar security flaw once. https://bugs.launchpad.net/ubuntu/+s...er/+bug/313085. I've had trouble repeating it usually, and kind of hoping it's just gone away, but who knows.

    My advice: rely on screen lock to deny access (input) to your account. Don't rely on it to deny viewing the screen of your account.

  4. #4
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: A huge security flaw in KDE/Kubuntu!

    That sounds like a graphics driver problem, more than a security one. What graphics adapter and driver does your system use?

  5. #5
    Join Date
    Jun 2009
    Beans
    132
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: A huge security flaw in KDE/Kubuntu!

    Quote: Originally posted by cariboo907
    That sounds like a graphics driver problem, more than a security one. What graphics adapter and driver does your system use?
    I've got an 8800GTS and the recommended NVIDIA 185 that came with Kubuntu.

  6. #6
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: A huge security flaw in KDE/Kubuntu!

    Whether it's a graphics problem or a KDM login screen problem, you should file a bug report on it so it can be fixed. This thread alone will do nothing to fix the problem. A bug report is going to be a lot more helpful.
