https://bugs.kde.org/show_bug.cgi?id=424118
Bug ID: 424118
Summary: Autostart feature abuse
Product: systemsettings
Version: 5.19.3
Platform: Other
OS: Linux
Status: REPORTED
Severity: grave
Priority: NOR
Component: general
Assignee: plasma-b...@kde.org
Reporter: lestofant...@gmail.com
Target Milestone: ---
SUMMARY
Possible security issue.
Recently I installed "microsoft team" and i notice a curious abuse of the
autostart system.
While i see this as a bug of Teams, it goes to show how prone to abuse the
autostart system is, and need to be fixed.
The program itself does not ask nothing, does not even have a proper
configuration screen, but will add itself into the "autostart" list, so it will
be run automatically after login.
This is the first red flag; a program added itself to the autostart WITHOUT my
consent.
While this is considered normal in the PC world, this is in reality a big
security/usability issue and plasma should ask for confirmation.
Moving on, not a big problem, I move on and decided to disable from System
Setting, Team appear as a voice there. First i try to remove it.
Teams did not start at the next reboot*
But at the next Team launch, the autostart voice reappear, and Teams autostart.
Then I though deleting the voice would make Teams think it need a new one, so I
instead disabled it using the "Status" checkbox
Teams did not start at the next reboot*
But again at the next Team launch, the "Status" checkbox is back there, and
Teams autostart.
* make sure teams is closed when you delete the autostart voices, it looks like
is checking for them in runtime too (maybe on close?), so it make virtually
impossible to disable until teams is running!
STEPS TO REPRODUCE
1. Launch "microsoft Teams", then close it
2. Remove the autostart voice for "microsoft Teams", by esiter disabling it or
deleting it
3. reboot, teams will no autosart
4. open teams
5. reboot
OBSERVED RESULT
- No request from plasma if i want Teams to autostart on step 1. and 4.
- teams will autostart again after step 5.
EXPECTED RESULT
- teams should not autostart unless authorized
- teams will NOT autostart again after step 5.
SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 5.19.3
KDE Frameworks Version: 5.71.0
Qt Version: 5.15.0
Kernel Version: 5.8.0-rc4-1-mainline
OS Type: 64-bit
Processors: 12 × AMD Ryzen 5 3600 6-Core Processor
Memory: 15.6 GiB of RAM
Graphics Processor: AMD Radeon RX 5700 XT
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
