Vulnerability Development mailing list archives

Re: Possible flaw in XFree?


From: Philip Rowlands <phr () doc ic ac uk>
Date: Fri, 28 Jun 2002 17:18:08 +0100 (BST)

On Thu, 27 Jun 2002, William N. Zanatta wrote:

  1. Logged into the system as 'william' (a normal non-privileged user).
  2. startx
  3. Run xlock
  ... the screen is now locked...
  4. Tried a hit on some keys. The password screen appears.
  5. Then, 'ctrl-alt-backspace' and voila... X is down and my console
is there, opened for me.

  I see this as a serious problem once one could let his/her X session
opened and locked and anyone who has access to that machine could abort
the X session and start playing around with the logged user's shell
(which could be the root shell).

That's a feature, not a bug :) If you don't like it, set

    Option "DontZap" "on"

in your config file. Or use {g,k,x}dm rather than startx, then at least
you don't drop to a shell.


Cheers,

Phil
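
Added example, not part of the original message: a shell check that reports whether an X server config actually carries the setting suggested in the reply. It assumes the option belongs in the ServerFlags section (the message does not name the section); the function name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# dontzap_enabled [FILE...]   (reads stdin when no file is given)
# Exit 0 if a ServerFlags section sets Option "DontZap" to a true value,
# exit 1 otherwise. Keywords and names are matched case-insensitively.
dontzap_enabled() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "section" {
            insec = (tolower($2) == "\"serverflags\""); next
        }
        tolower($1) == "endsection" { insec = 0; next }
        insec && tolower($1) == "option" && tolower($2) == "\"dontzap\"" {
            v = tolower($3); gsub(/"/, "", v)
            # an Option given without a value counts as true
            found = (v == "" || v == "on" || v == "true" || v == "yes" || v == "1")
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Constructed sample: the option is only present as a comment.
sample_weak() {
    cat <<'EOF'
Section "ServerFlags"
    # Option "DontZap" "on"
EndSection
EOF
}

# Constructed sample: the setting from the reply, inside ServerFlags.
sample_hardened() {
    cat <<'EOF'
Section "ServerFlags"
    Option "DontZap" "on"
EndSection
EOF
}

for s in sample_weak sample_hardened; do
    if "$s" | dontzap_enabled; then
        echo "$s: Ctrl-Alt-Backspace is disabled"
    else
        echo "$s: Ctrl-Alt-Backspace still kills the X server"
    fi
done
```

The check only covers the key combination; as the reply notes, a session started with startx still has a shell behind it, which a display manager avoids.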

