437984 – Screen locker's window should not be scriptable

Bug 437984 - Screen locker's window should not be scriptable

Summary: Screen locker's window should not be scriptable

Status:	CONFIRMED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	scripting (other bugs)
Version First Reported In:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-06-02 09:34 UTC by Piotr Dobrogost
Modified:	2024-10-18 09:42 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Piotr Dobrogost 2021-06-02 09:34:48 UTC

"There's no reason for any script ever to apply to the screenlocker, and it should especially not be possible for it to make other content shine through." from kwin-tiling's issue titled "Screen locker is tiling" (https://github.com/kwin-scripts/kwin-tiling/issues/244)

Comment 1 Nate Graham 2021-06-09 19:29:13 UTC

Marking as Critical as this is quite security-relevant.

Comment 2 Piotr Dobrogost 2024-10-18 07:19:27 UTC

As Nate wrote previously "this is quite security-relevant", isn't it?
Why has severity of this issue been lowered?

Comment 3 David Edmundson 2024-10-18 09:42:37 UTC

It is absolutely not security relevant in any way. 
A script that can move a screenlocker can also just unlock the screen. 

It's open because it's one less path to have accidental mistakes for 3rd parties, and something we can change but it is not a bug.