[arch-general] FS#28008 - Bypass screensaver/locker program on xorg 1.11 and up

Florian Pritz bluewind at xinu.at
Fri Jan 20 02:07:40 EST 2012


On 20.01.2012 02:08, Tavian Barnes wrote:
> On 19 January 2012 18:23, Dmitry Korzhevin <dkorzhevin at lsupport.net> wrote:
>> a funny bug in the Xorg server that could allow attackers with physical
>> access to a machine to bypass the screensaver/screen locker program.
>> Most people use those programs to lock their computer when they are
>> away. On Gnome, gnome-screensaver is responsible for this. On KDE,
>> kscreenlocker is. There is a wide variety of smaller tools doing the
>> same thing, e.g. slock, slimlock, i3lock...
>>
>> Read more:
>> http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up
>>
>> ctrl+alt+* (on num lock keyboard) confirmed and works in Arch Linux.
> 
> IMO, it's not an X.Org or configuration bug, it's a bug in all the
> screen lockers.
> 
> http://seclists.org/oss-sec/2012/q1/217
> 

http://cgit.freedesktop.org/xorg/xserver/commit/?id=1a573e402ec112913a404f092b5b97d8d9210f94

http://cgit.freedesktop.org/xorg/xserver/commit/?id=22e64108ec63ba77779891f8df237913ef9ca731

-- 
Florian Pritz
