Announcement

Collapse
No announcement yet.

10 Year Old KDE Bug Finally Gets Fixed

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by Awesomeness View Post
    Hopefully 4.11 will finally have a complete port of the taskbar: http://techbase.kde.org/Schedules/KD...1_Feature_Plan
    From what I understand, it is essentially done now, but it wasn't done in time for the feature freeze so it didn't get in.

    Comment


    • #32
      Originally posted by TheBlackCat View Post
      From what I understand, it is essentially done now, but it wasn't done in time for the feature freeze so it didn't get in.
      Then I don't understand why the author didn't release it standalone.

      Comment


      • #33
        Originally posted by markg85 View Post
        The 10 year old bug isn't very bad since apparently it went unnoticed for 10 years
        That's Windows thinking right there. Isn't the point to catch these bugs quickly?

        Comment


        • #34
          Originally posted by gamerk2 View Post
          That's Windows thinking right there. Isn't the point to catch these bugs quickly?
          The point is to fix caught bugs quickly.

          Comment


          • #35
            Originally posted by GreatEmerald View Post
            The point is to fix caught bugs quickly.
            Taking that logic to its logical conclusion: How can anyone make the claim their OS is "safer", since bugs that are not caught do not get fixed?

            Comment


            • #36
              Originally posted by GreatEmerald View Post
              The point is to fix caught bugs quickly.
              So why does kwallet still not unlock on login?

              https://bugs.kde.org/show_bug.cgi?id=92845

              Another one from 2004…

              Comment


              • #37
                Originally posted by ChrisXY View Post
                So why does kwallet still not unlock on login?

                https://bugs.kde.org/show_bug.cgi?id=92845

                Another one from 2004…
                It's not a bug, it's a feature request.

                Comment


                • #38
                  Some people™ would consider it a usability bug.

                  Comment


                  • #39
                    Originally posted by ChrisXY View Post
                    Some people™ would consider it a usability bug.
                    Automatic unlocking of KWallet at login is almost as insecure as storing passwords in plaintext: https://bugs.kde.org/show_bug.cgi?id=92845#c129

                    If one does not want to be bothered by KWallet authentication requests, simply set no KWallet password and KWallet will silently open in the background when needed.

                    Comment


                    • #40
                      If I have no password set, anyone with physical/root access can open it, even if I'm not logged in, right?

                      If I have a password set but it is the same as my login passwort an attacker would need me to be logged in.

                      The problem is: I first type my password in the login manager and then immediately after that korganizer requests the kwallet passwort to sync the google calendar. Or maybe networkmanager needs the password for the wireless lan.

                      Gnome/gdm can do it. KDE can't. There were some patches floating around somewhere doing something with pam but nobody bothered to implement it in kwallet directly because ksecrets/ksecretservice would be replacing kwallet anyway.

                      Comment


                      • #41
                        Originally posted by ChrisXY View Post
                        If I have no password set, anyone with physical/root access can open it, even if I'm not logged in, right?
                        If the KWallet password is automatically the same as the user login password, anyone with physical/root access can simply change the user password or alternatively plant a script that reads the contents of KWallet right after login.
                        If you are concerned about people having physical access to your PC, go full-disk encryption instead.

                        Comment


                        • #42
                          Originally posted by Awesomeness View Post
                          If the KWallet password is automatically the same as the user login password, anyone with physical/root access can simply change the user password
                          The kwallet password is the same as the login password, but separately set. It could just work together that for this case one only needs one login and changing the user password would not touch kwallet's password.

                          Originally posted by Awesomeness View Post
                          or alternatively plant a script that reads the contents of KWallet right after login.
                          How is that much worse than a script that just waits for kwallet to open and reads it then?

                          Comment


                          • #43
                            Originally posted by ChrisXY View Post
                            How is that much worse than a script that just waits for kwallet to open and reads it then?
                            The longer a script has to sit and way, the higher the chance of detecting it.

                            And even if it was not worse: I see no point developing a KWallet feature that is not superior to the current way.
                            Again: If you are concerned about strangers with physical access to your PC, use full disk encryption.

                            Comment


                            • #44
                              Originally posted by Awesomeness View Post
                              The longer a script has to sit and way, the higher the chance of detecting it.

                              And even if it was not worse: I see no point developing a KWallet feature that is not superior to the current way.
                              Again: If you are concerned about strangers with physical access to your PC, use full disk encryption.
                              Please correct me if I'm wrong:
                              If KWallet password is not set, KWallet content is not encrypted. If my laptop is stolen, KWallet content can be read.
                              If KWallet password is set to the user password, KWallet content is encrypted. One can change the user password, but it won't decrypt KWallet content (root can't change KWallet password). If my laptop is stolen, KWallet content cannot be read. If user changes its user password, it must change KWallet password separately (or the GUI must do it for him at least), and the original password is necessary for this.

                              The keylogger point is completely moot. If you have one on your PC, your doomed, whether it takes 0 or 5min between your login and the opening of the KWallet content.

                              I personally think that one-step login and off-line protection is a useful feature.

                              Comment


                              • #45
                                Originally posted by erendorn View Post
                                Please correct me if I'm wrong:
                                If KWallet password is not set, KWallet content is not encrypted. If my laptop is stolen, KWallet content can be read.
                                Not with full disk encryption.

                                Originally posted by erendorn View Post
                                I personally think that one-step login and off-line protection is a useful feature.
                                It's definitively a feature request and not a bug and the claim that it's a bug is the reason why it was even mentioned here in the first place.

                                Comment

                                Working...
                                X