| Summary: | Wallpaper can be changed when desktop has been locked down | ||
|---|---|---|---|
| Product: | [Unmaintained] kdesktop | Reporter: | Martin Woolley <sysadmin> |
| Component: | general | Assignee: | David Faure <faure> |
| Status: | CLOSED UNMAINTAINED | ||
| Severity: | grave | CC: | finex, kolourpaint-support, krammer |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Fedora RPMs | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
| Attachments: |
Check if associated config entry is immutable
Improved patch for bgsettings.h/.cpp Check if setWallpaper is allowed New bgsettings.h/.cpp patch Check if setting wallpaper, cache or common is allowed React on changes to the access restrictions Add canSetWallpaper to DCOP interface |
||
|
Description
Martin Woolley
2005-10-05 13:38:17 UTC
Kiosk security problem -> raising severity. Martin: can you open a bug report for KolourPaint as well? Bug #113969 is the KolourPaint bug. Could the kdesktop developers please add an interface (DCOP?) that: 1. tells me whether the user is authorised to change wallpaper 2. signals programs when authorisation to change wallpaper is changed (i.e. user can now change wallpaper but could not before) Created attachment 13400 [details]
Check if associated config entry is immutable
First attempt at fixing the bug.
Denies changing the properties if the respective config entry is set to be
immutable (or the group or whole config)
Tested changing wallpaper by DCOP and D&D, but none of the other properties
Created attachment 13406 [details]
Improved patch for bgsettings.h/.cpp
Fixes a bug in the previous patch.
Also moves the immutable check to separate methods so that it can be queried
from outside.
Removes the logging, this can now be done in the applications using the
classes, which means when included in KControl it doesn't log as kdesktop as
the previous patch did.
Setter methods still call the canSetXXX methods themselves to make sure they do
not change immutable settings.
Created attachment 13415 [details]
Check if setWallpaper is allowed
Adds checks to the setWallpaper methods of KDesktop's background manager, e.g
to the methods that are the implementations of the DCOP interface
KBackgroundIface.
Also adds kdDebug output in the case the setting is not allowed.
Might it be better to use kdWarn?
Methods canSetWallpaper() and canSetWallpaper(int desk) could be included in
the DCOP interface, but this would require adding virtual methods to
KBackgroundIface.h and I wasn't sure about the binary compatability policy of
application classes like background manager.
The context menu action for setting the wallpaper seems to come somewhere from
libkonq, maybe someone who knows there way around there could have a look at
this if hiding/disabling the action is required.
Created attachment 13477 [details]
New bgsettings.h/.cpp patch
Using KConfigGroup instead of KConfigGroupSaver after someone on kde-core-devel
pointed out that it would be better for KDE4 porting.
Hmm, kdesktop uses a KConfigXT generated class for the global values but doesn't check their restrictions. Reworking patch stay tuned Created attachment 13482 [details]
Check if setting wallpaper, cache or common is allowed
This has the checks for the restrictable properties and also some modifications
to notify the KDesktop class when the configuration changes.
This is used in the desktop patch to adjust the icon view's maySetWallpaper
property
Created attachment 13483 [details]
React on changes to the access restrictions
Uses the signals provided by the background manager to adjust action
visibility.
Created attachment 13484 [details]
Add canSetWallpaper to DCOP interface
Optional patch that allows querying the setWallpaper restriction status through
DCOP
Kdesktop is no more mantained. Fortunatly this bug seems not to be valid for KDE 4. Please reopen if this bug is not a kdesktop one (and it is not solved) or it can be reproduced on KDE 4. Bug closed. Kdesktop is no more mantained. |