Bug 422228

Summary:	plasmashell has QML debugging enabled
Product:	[Plasma] plasmashell	Reporter:	Fabian Vogt <fabian>
Component:	general	Assignee:	Bhushan Shah <bshah>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kde, plasma-bugs-null
Priority:	NOR
Version First Reported In:	master
Target Milestone:	1.0
Platform:	openSUSE
OS:	Linux
Latest Commit:	https://invent.kde.org/plasma/plasma-workspace/commit/dd24739479b33263c1016ec3938d4c81abdc981a	Version Fixed/Implemented In:
Sentry Crash Report:

Description Fabian Vogt 2020-05-29 13:55:28 UTC

When starting plasmashell, it prints

QML debugging is enabled. Only use this in a safe environment.

Most likely caused by 5f2abe1e676efd6d027a05261ab4d83da32eb459 in p-w.

If this is security relevant, it has to be disabled. If not, it should disable the warning message.

Comment 1 David Edmundson 2020-05-29 14:11:01 UTC

The message is from Qt.

I don't see how it's a security issue. It doesn't do actively do anything till one adds -qmljsdebugger to the args starting it. 

But we should do something.

Comment 2 David Edmundson 2020-06-10 08:22:19 UTC

Git commit dd24739479b33263c1016ec3938d4c81abdc981a by David Edmundson.
Committed on 09/06/2020 at 20:08.
Pushed by davidedmundson into branch 'Plasma/5.19'.

Guard QQmldebuggingEnabled by an env var

I don't understand why QQmlDebuggingEnabler prints a warning, it's no
less secure until other command line args are passed.

However the warning is scary, so lets put a guard on it.

M  +3    -1    shell/main.cpp

https://invent.kde.org/plasma/plasma-workspace/commit/dd24739479b33263c1016ec3938d4c81abdc981a