Rex Dieter
9 years ago
parent
433525d770
commit
d811c96219
@ -0,0 +1,39 @@
|
||||
From 4cfed6b0a625593fb43876f04badc4dd99799d86 Mon Sep 17 00:00:00 2001
|
||||
From: David Edmundson <kde@davidedmundson.co.uk>
|
||||
Date: Wed, 14 Oct 2015 00:08:59 +0100
|
||||
Subject: [PATCH 12/13] Disable greeters from loading KDE's debug hander
|
||||
|
||||
Some themes may use KDE components which will automatically load KDE's
|
||||
crash handler.
|
||||
|
||||
If the greeter were to then somehow crash, that would leave a crash
|
||||
handler allowing other actions, albeit as the locked down SDDM user.
|
||||
|
||||
Only SDDM users using the breeze theme from plasma-workspace are
|
||||
affected. Safest and simplest fix is to handle this inside SDDM
|
||||
disabling kcrash via an environment variable for all future themes that
|
||||
may use these libraries.
|
||||
|
||||
CVE-2015-0856
|
||||
---
|
||||
src/daemon/Greeter.cpp | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/daemon/Greeter.cpp b/src/daemon/Greeter.cpp
|
||||
index 68c4dc3..8c936b7 100644
|
||||
--- a/src/daemon/Greeter.cpp
|
||||
+++ b/src/daemon/Greeter.cpp
|
||||
@@ -145,6 +145,10 @@ namespace SDDM {
|
||||
env.insert(QStringLiteral("XDG_VTNR"), QString::number(m_display->terminalId()));
|
||||
env.insert(QStringLiteral("XDG_SESSION_CLASS"), QStringLiteral("greeter"));
|
||||
env.insert(QStringLiteral("XDG_SESSION_TYPE"), m_display->sessionType());
|
||||
+
|
||||
+ //some themes may use KDE components and that will automatically load KDE's crash handler which we don't want
|
||||
+ //counterintuitively setting this env disables that handler
|
||||
+ env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1"));
|
||||
m_auth->insertEnvironment(env);
|
||||
|
||||
// log message
|
||||
--
|
||||
2.5.0
|
||||
|
||||
Loading…
Reference in new issue