Bug 437984

Summary: Screen locker's window should not be scriptable
Product: [Plasma] kwin Reporter: Piotr Dobrogost <bugs.kde.org>
Component: scriptingAssignee: KWin default assignee <kwin-bugs-null>
Status: CONFIRMED ---    
Severity: normal CC: bshah, kde, nate
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Piotr Dobrogost 2021-06-02 09:34:48 UTC 
"There's no reason for any script ever to apply to the screenlocker, and it should especially not be possible for it to make other content shine through." from kwin-tiling's issue titled "Screen locker is tiling" (https://github.com/kwin-scripts/kwin-tiling/issues/244)
Comment 1 Nate Graham 2021-06-09 19:29:13 UTC 
Marking as Critical as this is quite security-relevant.
Comment 2 Piotr Dobrogost 2024-10-18 07:19:27 UTC 
As Nate wrote previously "this is quite security-relevant", isn't it?
Why has severity of this issue been lowered?
Comment 3 David Edmundson 2024-10-18 09:42:37 UTC 
It is absolutely not security relevant in any way. 
A script that can move a screenlocker can also just unlock the screen. 

It's open because it's one less path to have accidental mistakes for 3rd parties, and something we can change but it is not a bug.