Disable greeters from loading KDE's debug hander

Some themes may use KDE components which will automatically load KDE's crash handler. If the greeter were to then somehow crash, that would leave a crash handler allowing other actions, albeit as the locked down SDDM user. Only SDDM users using the breeze theme from plasma-workspace are affected. Safest and simplest fix is to handle this inside SDDM disabling kcrash via an environment variable for all future themes that may use these libraries. CVE-2015-0856
sddm · Oct 14, 2015 · 4cfed6b · 4cfed6b
1 parent c637727
commit 4cfed6b
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/daemon/Greeter.cpp b/src/daemon/Greeter.cpp
@@ -145,6 +145,10 @@ namespace SDDM {
             env.insert(QStringLiteral("XDG_VTNR"), QString::number(m_display->terminalId()));
             env.insert(QStringLiteral("XDG_SESSION_CLASS"), QStringLiteral("greeter"));
             env.insert(QStringLiteral("XDG_SESSION_TYPE"), m_display->sessionType());
+
+            //some themes may use KDE components and that will automatically load KDE's crash handler which we don't want
+            //counterintuitively setting this env disables that handler
+            env.insert(QStringLiteral("KDE_DEBUG"), QStringLiteral("1"));
             m_auth->insertEnvironment(env);
 
             // log message