Use seccomp for implementing a sandbox for kscreenlocker_greet
Summary: This change introduces a new optional dependency on libseccomp. Libseccomp allows forbidding syscalls. With that we can constrain the user-defined, dynamically loaded QtQuick code from the look'n'feel package and from the wallpaper package. The idea is to protect against "malicious" packages the user manually installed. With the installed seccomp filter we can ensure that the QtQuick code cannot perform the following operations:

* send the password to the Internet, through forbidding the socket syscall
* use KIO to send the password to the Internet, through forbidding fork+exec
* write the password into a file, through forbidding opening a file in write mode or creating a new file
* send the password to another process, through forbidding pipe/pipe2

So far our QtQuick code was already constrained by disallowing network access through injecting a QNetworkAccessManager which forbids Internet access. But this was easy to circumvent through e.g. KIO. The secco...
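The policy listed in the commit message, as an added example that is not the commit's own code (which goes through libseccomp): a raw seccomp-BPF program installed with prctl(), so no extra library is needed. It assumes an x86_64 or aarch64 (little-endian) Linux host, returns EPERM for forbidden calls instead of killing the process so the effect can be probed, and the function names are constructed for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#endif
/* BPF helpers: load a seccomp_data field; deny with EPERM; deny if nr == x (2 insns) */
#define LOAD(f) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, f))
#define DENY BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)
#define DENY_IF(x) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (x), 0, 1), DENY

/* Install the filter on the calling thread (constructed name). Returns 0 on success, -1 on failure. */
int install_greeter_filter(void) {
    struct sock_filter filter[] = {
        LOAD(arch),                                        /* refuse a foreign ABI outright */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        LOAD(nr),
        DENY_IF(__NR_socket),   /* no network */
        DENY_IF(__NR_pipe2),    /* no channel to another process */
        DENY_IF(__NR_clone),    /* no fork ... */
        DENY_IF(__NR_execve),   /* ... and no exec (a real filter also lists clone3/execveat/vfork) */
        /* openat: allowed only when no write/create flag is set (low 32 bits of args[2]) */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 4),
        LOAD(args[2]),
        BPF_STMT(BPF_ALU | BPF_AND | BPF_K, O_WRONLY | O_RDWR | O_CREAT),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, 0),      /* flags clean: skip DENY */
        DENY,
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),      /* everything else is allowed */
    };
    struct sock_fprog prog = { (unsigned short)(sizeof filter / sizeof filter[0]), filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* required for unprivileged seccomp */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

/* Probes (constructed names): 0 if the operation succeeded, otherwise the errno it failed with. */
int try_socket(void) { int fd = socket(AF_INET, SOCK_STREAM, 0); return fd < 0 ? errno : (close(fd), 0); }
int try_open(const char *p, int flags) { int fd = open(p, flags, 0600); return fd < 0 ? errno : (close(fd), 0); }
```

After install_greeter_filter() succeeds, try_socket() and any write-mode or O_CREAT open fail with EPERM while a read-only open of /dev/null still works; glibc routes open() through openat, which is why only that syscall number is inspected.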
parent 07d38ba6