Plasma and KDE apps security and how can it be improved?

Hi,

I’ve got a couple of questions regarding security and I kindly ask you to spare some time to answer them (if possible):

  • any updates on fixing/implementing permission control for the screenshot portal (https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7)? A lot of security-focused sites are currently recommending to use only GNOME because of the seriousness of the issue;
  • are non-Flatpak KDE apps sandboxed? In particular Gwenview, Ark and Okular. GNOME counterparts are, to some extent (Loupe and Papers). Also, their thumbnailer is sandboxed, which is nice;
  • any plans on using more Rust to rewrite parts of Plasma or some apps?
  • KDE Wallet… I really wish that I don’t need to set a blank password if I turn on auto-login…

I hope the work on KDE Linux is going as planned. I like the Goals on https://community.kde.org/KDE_Linux. Can you maybe provide more info on whether you will be implementing systemd-boot and SELinux or some other solution?

Also, I would like to contribute to KDE Linux at least as a tester. Can someone point me in the right direction?

Thank you.

I think Plasmoids and themes are also a potential security issue. If you install an unknown Plasmoid/widget, you don’t know what it can do in the background.

Correct. I hope that the newly announced Plasma Next and KDE Union projects will fix the theming in a secure way.

Hi!

Development is in the open - there’s some fairly recent activity on that topic that you can view at the link you found :slight_smile:

Regarding KDE Linux, I think Nate’s commentary from a few months ago still holds:

If you’re interested in contributing at this stage, the Matrix channel - #kde-linux:kde.org - may be a good place to jump in :slight_smile:

Will do :grinning_face_with_smiling_eyes:
Thank you!

From the ticket it looks as if this has been resolved.

Apparently switching to version 2 of the backend interface ensures that the portal frontend is taking care of the permission handling (the same way it already does for other backend implementations).

Probably more a question of whether this has already made it into a release.

I hope it has. :grinning_face_with_smiling_eyes:

Guys at https://www.privacyguides.org/en/os/linux-overview/#permission-controls and https://privsec.dev/posts/linux/choosing-your-desktop-linux-distribution/ are currently recommending only GNOME as the “secure” option for a DE. I really hope that changes soon.

Tnx for the info!

I’ve joined the Matrix channel and I’m installing KDE Linux on a backup laptop as we speak :partying_face: