Bug 457807

Summary: tell the process name
Product: [Applications] kwalletmanager Reporter: a <bugsKde>
Component: generalAssignee: Valentin Rusu <valir>
Status: RESOLVED DUPLICATE    
Severity: normal CC: bugsKde, mk.mateng, nicolas.fella
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description a 2022-08-12 15:56:41 UTC 
I find too insecure to just tell the process name who ask for wallet access. What if a rogue process takes a friendly name? We should be sure that the process who ask access is legitimate to

SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***


STEPS TO REPRODUCE
1. 
2. 
3. 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION
Comment 1 Nicolas Fella 2022-08-14 12:08:28 UTC 
What exactly do you suggest we do?
Comment 2 a 2022-08-14 13:11:38 UTC 
Something to authenticate the process asking access. To be sure that it's for a legitimate and needed purpose
Comment 3 michaelk83 2022-09-06 07:20:55 UTC 
(In reply to Nicolas Fella from comment #1)
> What exactly do you suggest we do?
KeePAssXC uses `/proc/$PID/exe` for this.
https://github.com/keepassxreboot/keepassxc/pull/6915
https://github.com/keepassxreboot/keepassxc/pull/4733#issuecomment-633679091
Comment 4 michaelk83 2022-09-06 07:33:03 UTC 
Bug 451039 is more detailed.

*** This bug has been marked as a duplicate of bug 451039 ***