Forbid more syscalls which could modify the filesystem
Summary:
Forbid more syscalls. A malicious theme could create directories with the password as name, or encode the password in chmod bits. Also, prevent deleting anything, so a theme can't delete the user's files.

Test Plan:
- Autotests run fine
- Started screenlocker, unlocked, created a new session. Got no seccomp violations in dmesg and everything worked fine.
- Didn't test it with the nvidia driver

Reviewers: graesslin
Reviewed By: graesslin
Subscribers: plasma-devel
Tags: #plasma
Differential Revision: https://phabricator.kde.org/D8756
parent
0f9a10fa
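The kind of restriction the summary describes, as an added example that is not the project's own code: a raw seccomp-BPF denylist that makes directory creation, mode changes and deletion fail inside a filtered child process. The function names, the exact syscall list (inferred from the three cases in the summary) and the EPERM deny action are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fail syscall `nr` with EPERM; any other number falls through to the next rule. */
#define DENY(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Assumptions: native ABI only (a deployed filter also validates seccomp_data.arch),
 * and EPERM as the deny action; the page does not show the project's own rules. */
static int install_fs_write_filter(void)
{
    struct sock_filter rules[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY(__NR_mkdirat), DENY(__NR_fchmodat), DENY(__NR_fchmod), DENY(__NR_unlinkat),
#ifdef __NR_mkdir /* legacy non-*at variants do not exist on e.g. aarch64 */
        DENY(__NR_mkdir), DENY(__NR_chmod), DENY(__NR_unlink), DENY(__NR_rmdir),
#endif
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { sizeof rules / sizeof rules[0], rules };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Filter a forked child and return a bitmask of denied calls:
 * 1 = mkdirat, 2 = fchmodat, 4 = unlinkat; -1 if the filter could not be installed. */
int probe_filtered_child(void)
{
    int status, mask = 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (install_fs_write_filter() != 0) _exit(0x80);
        if (syscall(__NR_mkdirat, AT_FDCWD, "constructed-dir", 0700) == -1 && errno == EPERM) mask |= 1;
        if (syscall(__NR_fchmodat, AT_FDCWD, ".", 0755) == -1 && errno == EPERM) mask |= 2;
        if (syscall(__NR_unlinkat, AT_FDCWD, "constructed-file", 0) == -1 && errno == EPERM) mask |= 4;
        _exit(mask);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0x80 ? -1 : WEXITSTATUS(status);
}
```

Because the filter rejects each call before the kernel executes it, the probe creates, changes and deletes nothing; the paths are constructed names.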