Rex Dieter
9 years ago
parent
433525d770
commit
d811c96219
@ -0,0 +1,39 @@
|
|||||||
|
From 4cfed6b0a625593fb43876f04badc4dd99799d86 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Edmundson <kde@davidedmundson.co.uk>
|
||||||
|
Date: Wed, 14 Oct 2015 00:08:59 +0100
|
||||||
|
Subject: [PATCH 12/13] Disable greeters from loading KDE's debug hander
|
||||||
|
|
||||||
|
Some themes may use KDE components which will automatically load KDE's
|
||||||
|
crash handler.
|
||||||
|
|
||||||
|
If the greeter were to then somehow crash, that would leave a crash
|
||||||
|
handler allowing other actions, albeit as the locked down SDDM user.
|
||||||
|
|
||||||
|
Only SDDM users using the breeze theme from plasma-workspace are
|
||||||
|
affected. Safest and simplest fix is to handle this inside SDDM
|
||||||
|
disabling kcrash via an environment variable for all future themes that
|
||||||
|
may use these libraries.
|
||||||
|
|
||||||
|
CVE-2015-0856
|
||||||
|
---
|
||||||
|
src/daemon/Greeter.cpp | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/daemon/Greeter.cpp b/src/daemon/Greeter.cpp
|
||||||
|
index 68c4dc3..8c936b7 100644
|
||||||
|
--- a/src/daemon/Greeter.cpp
|
||||||
|
+++ b/src/daemon/Greeter.cpp
|
||||||
|
@@ -145,6 +145,10 @@ namespace SDDM {
|
||||||
|
env.insert(QStringLiteral("XDG_VTNR"), QString::number(m_display->terminalId()));
|
||||||
|
env.insert(QStringLiteral("XDG_SESSION_CLASS"), QStringLiteral("greeter"));
|
||||||
|
env.insert(QStringLiteral("XDG_SESSION_TYPE"), m_display->sessionType());
|
||||||
|
+
|
||||||
|
+ //some themes may use KDE components and that will automatically load KDE's crash handler which we don't want
|
||||||
|
+ //counterintuitively setting this env disables that handler
|
||||||
|
+ env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1"));
|
||||||
|
m_auth->insertEnvironment(env);
|
||||||
|
|
||||||
|
// log message
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
||||||
Loading…
Reference in new issue