Bug 457807 - tell the process name
Summary: tell the process name
Status: RESOLVED DUPLICATE of bug 451039
Alias: None
Product: kwalletmanager
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Valentin Rusu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-12 15:56 UTC by a
Modified: 2022-09-06 07:33 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description a 2022-08-12 15:56:41 UTC
I find too insecure to just tell the process name who ask for wallet access. What if a rogue process takes a friendly name? We should be sure that the process who ask access is legitimate to

SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***


STEPS TO REPRODUCE
1. 
2. 
3. 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION
Comment 1 Nicolas Fella 2022-08-14 12:08:28 UTC
What exactly do you suggest we do?
Comment 2 a 2022-08-14 13:11:38 UTC
Something to authenticate the process asking access. To be sure that it's for a legitimate and needed purpose
Comment 3 michaelk83 2022-09-06 07:20:55 UTC
(In reply to Nicolas Fella from comment #1)
> What exactly do you suggest we do?
KeePAssXC uses `/proc/$PID/exe` for this.
https://github.com/keepassxreboot/keepassxc/pull/6915
https://github.com/keepassxreboot/keepassxc/pull/4733#issuecomment-633679091
Comment 4 michaelk83 2022-09-06 07:33:03 UTC
Bug 451039 is more detailed.

*** This bug has been marked as a duplicate of bug 451039 ***