Bugzilla – Bug 1146831
AUDIT-FIND: kcm_sddm: should the auth helper created the sddm user's home directory?
Last modified: 2019-11-19 09:01:14 UTC
+++ This bug was initially created as a clone of Bug #1145182
The kcm_sddm auth helper creates the directory pointed to by the
"sddmUserConfig" parameter, if it is not existing. This means the "sddm" home
directory might be created by this auth helper using the default umask (i.e.
it will be world readable). Is it really this auth helper's job to create this
directory? And if so, shouldn't it be better protected?
With the upstream change the auth helper no longer executes when the "sddm"
home directory is an empty string. This should address the issue.