ChaniBlog











{March 4, 2009}   screensaver security

woo! I’m finally getting that security code written. I can’t remember when, but sometime in february I made the screensaver’s appletbrowser not show anything from the “application launchers” or “windows and tasks” groups. as of today it can also exclude plasmoids based on their requirements (so long as they tell the truth about what their requirements are) and tell plasmoids what features are forbidden. I’ve used this to make the comic applet safe again. :) for 4.3 it won’t show that “save as” option when it’s on the screensaver.

other requirements will be defined soon… I’ll have a look at what applets are doing, and add stuff as I go… I think the next one will be turning off KRun. having windows open underneath the screensaver isn’t strictly a security risk, but it would still be annoying to find a dozen of them when you unlock your screen.

I’ll mention the added constraints on plasma-devel as I go so that developers can update their plasmoids.



Lincoln says:

Nice! Wouldn’t have thought of this :)



g says:

“so long as they tell the truth about what their requirements are”

I like the idea (of your blog post), but the line above worries me: if someone decides to write an evil plasmoid then he may decide to not tell the truth about the requirements of the plasmoid, so plasmoids could be run that are telling that they behave well while in reality they are not.

Another problem may arise when “telling plasmoids what features are forbidden”: are they forced to obey? how? and what if some features in the plasmoid are implemented more low-level (for example writing to a file using fprintf instead of using QFile)?

I don’t know how this stuff is implemented, so maybe I am just worrying about non-existing problems.



mat69 says:

@g: On the “evil” plasmoids part: Everything you install could be evil. Everything you install could be a virus.

This feature is not intended to end the days of viruses, it rather makes it possible to turn features of plasmoids off as needed. In fact every plasmoid has to implement that. Other ways would be too much work (hardly possible) I think.

The scripted plasmoids could be secured differently depending on what security-features are supported by the languages.

PS.: Just spoted that small smile. :)



TheBlackCat says:

In order for an evil plasmoid to be a problem in the screensaver mode, it would have to have some sort of hidden security hole that is known to someone other than the computer user but who still has physical access to the computer when the user is not around, and it would have to be a security hole that the user does not know about, and the user would have to be somehow convinced to add it to their screensaver by hand. Although that is plausible it unlikely enough that it not a serious concern.



Chani says:

someday there will be other security implemented to deal with hte “evil” plasmoids. that’ll include stuff like gpg signing and locking down the scripted applets (c++ ones will always be able to do bad things if they want to).

this stuff is just meant to be good-enough for the screensaver, because I can’t wait for someone to come along and implement full security.



g says:

Thanks for your answer (and also thank you for what you have already implemented, I appreciate it very much). Maybe it would be a good idea to add a warning message at the bottom of the “Add widgets” dialog (in screensaver mode) stating that adding plasmoids to the screensaver may be a risk to security.



kwilliam says:

Chani,
Thanks for all your work on Plasmoids for the Screen Saver! I posted a screenshot on kde-look.org showing how that feature is helping me: http://kde-look.org/content/show.php?content=101940
William



Chani says:

awesome :)
btw, a couple of people have told me they were going to make a kmix plasmoid, but nothing ever came of it… actually I think we even had a soc proposal for it. it’s definitely a needed plasmoid, but I’m beginning to wonder if anyone will ever actually really do it…



Comments are closed.

et cetera
%d bloggers like this: