Unset environment variables before starting kwin_wayland

Review Request #126115 - Created Nov. 19, 2015 and discarded

Information
Martin Flöser
plasma-workspace
Plasma/5.5
Reviewers
plasma
davidedmundson, matthiask
Any environment variable which can be used to specify a path to a
binary object to be loaded in the KWin process bears the risk of
being abused to add code to KWin to perform as a key logger.

E.g. an env variable pointing QT_PLUGIN_PATH to a location in $HOME
and adjusting QT_STYLE_OVERRIDE to load a specific QStyle plugin from
that location would allow to easily log all keys without KWin noticing.

As env variables can be specified in scripts sourced before the session
starts there is not much KWin can do about that to protect itself.

This affects all the LD_* variables and any library KWin uses and
loads plugins.

The list here is based on what I could find:
* LD_* variables as specified in the man page
* LIBGL_* and EGL_* as specified on mesa page
* QT_* variables based on "git grep qgetenv" in qtbase and qtdeclarative
  combined with Qt's documentation
* "git grep getenv" in various KDE frameworks based on ldd output of KWin

Unfortunately the list is unlikely to be complete. If one env variable is
missed, there is a risk. Even more each change in any library might
introduce new variables.

The approach is futile, but needed till Linux has a secure way to start
the session without sourcing env variable scripts from user owned
locations.

  
Sebastian Kügler
Matthias Klumpp
Matthias Klumpp
Marco Martin
Martin Flöser
Review request changed

Status: Discarded

Loading...