Revisit of Deepin Desktop D-Bus Services after Removal from ...
土豆太烫
npub1zef95zwy99jgq54nhctdyk49nd8u90qne2fkcmcujcnxxjtr9pzs3whurl
hex
edffa862ce97dc3d53323879e7a290306171740cbb00cbc9d2e6502f0d25cf7bnevent
nevent1qqswmlagvt8f0hpa2vers70852grqct3wsxtkqxte8fwv5p0p5ju77cprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgspv5j6p8zzjeyq22emu9kjt2jekn7zhsfu4ymvduwfvfnrf93js3gk3s45mKind-1 (TextNote)
Revisit of Deepin Desktop D-Bus Services after Removal from openSUSE (April 2026)
openSUSE 再次评估 Deepin 桌面组件,结果依然令人失望。虽然官方声称已修复,但审计发现 Backlight Helper 缺少 Polkit 认证,Accounts Service 更是漏洞百出:CreateGuestUser 存在竞态条件,SetHomeDir 可将家目录移至 /root,SetPassword 甚至泄露明文密码并存在 root 提权风险。openSUSE 表示 Deepin 安全文化堪忧,修复效率极低,建议用户谨慎使用,并已降低其审核优先级。
https://security.opensuse.org/2026/04/20/winter-spotlight.html#section-deepin
Raw JSON
{
"kind": 1,
"id": "edffa862ce97dc3d53323879e7a290306171740cbb00cbc9d2e6502f0d25cf7b",
"pubkey": "16525a09c429648052b3be16d25aa59b4fc2bc13ca936c6f1c96266349632845",
"created_at": 1778831747,
"tags": [
[
"t",
"section"
],
[
"client",
"Primal Android"
]
],
"content": "Revisit of Deepin Desktop D-Bus Services after Removal from openSUSE (April 2026)\n\nopenSUSE 再次评估 Deepin 桌面组件,结果依然令人失望。虽然官方声称已修复,但审计发现 Backlight Helper 缺少 Polkit 认证,Accounts Service 更是漏洞百出:CreateGuestUser 存在竞态条件,SetHomeDir 可将家目录移至 /root,SetPassword 甚至泄露明文密码并存在 root 提权风险。openSUSE 表示 Deepin 安全文化堪忧,修复效率极低,建议用户谨慎使用,并已降低其审核优先级。\n\nhttps://security.opensuse.org/2026/04/20/winter-spotlight.html#section-deepin \n\n",
"sig": "b8437b5b460b0253f8b695a8124d7a16100600d3b285f00b91624d8431f8181faff560f9f3db64fac195ca97a9eb02c914d4a3d2b36d531fbe7abdce8e26995b"
}