Security review of Plasma Login Manager (SUSE Security Team Blog)
Date:
Wed, 29 Apr 2026 14:20:46 +0000
Description:
SUSE's Security Team has published a detailed
blog post on their recent review of the Plasma
Login Manager version 6.6.2 ,
which was forked from the SDDM display
manager . While most of the code remains the
same , the new upstream added a privileged D-Bus helper called plasmaloginauthhelper , which suffers from defense-in-depth
security issues . [...] Based on the high severity of the defense-in-depth issues
shown in this report, our assessment is that there is effectively no
separation between root and the plasmalogin service user account. At this
time there is no bugfix available by upstream, but a
security fix is planned for the next Plasma release on May 12. We have
not been involved in upstream's bugfix process so far and have no
knowledge about the approach that will be taken to address the issues
from this report.
======================================================================
Link to news story:
https://lwn.net/Articles/1070434/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)