Version: (using KDE KDE 3.5.8)
Installed from: SuSE RPMs

Start KDE, log in, run OOffice-Writer, start a new session, log in as the same user, run OOWriter, OOImpress, OOCalc. Nothing? Log out. Now you will find all those apps running fine in the first session. This is a bug for sure, but I don't know if this is a security issue -- of course in this case the user is the same, but shouldn't memory & data be separated anyway?
OOffice most likely finds a previous process, and activates that. And no, there is no separation, and that has 0 to do with KDE --- it's the same user, the only thing that's different is the DISPLAY environment variable that tells what user to talk to. Not a KDE bug, IMHO
Further testing confirms that. OpenOffice bug --- it shares processes across different DISPLAYs.
Maksim, ok, so this is not a security issue, but for the rest of this issue -- OOffice behaves nastily, true, but KDE should prevent such things. Could you please change it to a wish then? Thank you.
Btw. I reported it to OO bugzilla: http://www.openoffice.org/issues/show_bug.cgi?id=85194
There is absolutely no sane way KDE can prevent such things.
A little "cheating" with DISPLAY? Maksim, I hope you understand me -- imho KDE as a desktop environment should protect the user from any fancy/malicious/buggy/bad/etc. window behaviour. So if I set policy A there should be no way an app would violate it. Like in this case.
You severely overestimate abilities of a DE. What happens is this:
1. You start session #1. That starts X :0, and sets DISPLAY=:0
2. a bunch of apps run, etc.
3. You run OpenOffice. It connects to X :0, since the DISPLAY=:0
4. You start session #2. That starts X :1, sets DISPLAY=:1
5. a bunch of KDE apps, etc. run. They connect to DISPLAY=:1.
6. You try to start OpenOffice. It notices itself already running, and tells the old copy to open a new window, which it promptly does, using the :0 display.

There is no KDE involvement in this step. None. KDE doesn't see anything whatsoever.
Could KDE intercept DISPLAY information -- internally keep track of good data, but for any app show it as display 0? Ugly, but since the app is allowed access to such low-level info...
Wouldn't work. The old (and one and only) openoffice process has the socket open to the old X server.
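
The sequence described in this thread, as an added example that is not from the commenters, KDE or OpenOffice: a single-instance handoff over a Unix socket, first keyed by user only (the second launch's window lands on :0) and then keyed by user and DISPLAY. The socket naming scheme, `Instance`, `launch` and `demo` are assumptions for illustration; the page does not show how OpenOffice actually detects a running copy.

```python
import os
import socket
import tempfile

def rendezvous_path(base, user, display, per_display):
    # Assumed naming scheme: the key decides which launches count as "already running".
    key = f"{user}-{display.replace(':', '_')}" if per_display else user
    return os.path.join(base, f"office-{key}.sock")

class Instance:
    """First launcher: owns the rendezvous socket and one X connection (modelled as a string)."""
    def __init__(self, path, display):
        self.display = display        # fixed at startup, like the open socket to the X server
        self.windows = [display]
        self.listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.listener.bind(path)
        self.listener.listen(1)

    def serve_one(self):
        conn, _ = self.listener.accept()
        with conn:
            requested = conn.recv(64).decode()   # the requester's DISPLAY is received...
        self.windows.append(self.display)        # ...but the window opens on our own display
        return requested

def launch(base, user, display, per_display, running):
    """Return the display on which the new window actually appears."""
    path = rendezvous_path(base, user, display, per_display)
    if os.path.exists(path):                     # a copy is already running: hand off to it
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(path)
            c.sendall(display.encode())
        owner = running[path]                    # stand-in for the other process
        owner.serve_one()
        return owner.display
    running[path] = Instance(path, display)      # no copy found: become the instance
    return display

def demo(per_display):
    with tempfile.TemporaryDirectory() as base:
        running = {}
        first = launch(base, "alice", ":0", per_display, running)   # session #1 (constructed)
        second = launch(base, "alice", ":1", per_display, running)  # session #2 (constructed)
        for inst in running.values():
            inst.listener.close()
        return first, second

if __name__ == "__main__":
    print("keyed by user only:      ", demo(False))
    print("keyed by user + DISPLAY: ", demo(True))
```
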