Hi,
On Sonntag, 18. April 2010, Julien Cristau wrote:
I don't think there's anything the screensavers can sensibly do there.
So I'm going to close this bug.
564079 is the same bug but for kscreensaver, closing this one too.
Version 2.6.32-9 of the Debian kernel includes a change by Bastian
Wouldn't a suid program specifically designed to exempt processes from
the OOM killer be a huge security bug? Every user would be able to
kill a machine by memory starvation.
What makes more sense to me would be to let root choose to disable the
most security sensible SysRq keys.
Cheers,
Luca
Luca Niccoli wrote:
What makes more sense to me would be to let root choose to disable the
most security sensible SysRq keys.
Err, actually I meant to default disabling them.
Setting /proc/sys/kernel/sysrq to 448 would seem reasonable.
Cheers,
Luca
--
To UNSUBSCRIBE, email to
I think that generally disabling SysRq while xscreensaver is running is not a
good idea. It will prevent the use of other commands that might be useful if the
system is behaving troublesome.
I think that a setuid helper specifically for this task is the proper solution,
if it can be ensured that
Why use sysctl and kernel.sysrq to disable this ability ?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Sorry i meant Why not.
On 31 January 2010 14:26, db db.pub.m...@gmail.com wrote:
Why use sysctl and kernel.sysrq to disable this ability ?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi,
I wrote to Jamie about this and he frankly doesn't know how to fix
this without doing it as root. I found that with a binary helper with
SETUID may introduce a new security issue and honestly I don't have
the time right now to write the code to patch this bug.
I would like all the help that
clone 562884 -1
clone 562884 -2
reassign -1 gnome-screensaver
reassign -2 kscreensaver
thanks
Hi,
IMO either the screensaver should disable sysrq while it's locked (and enable
it after locking) or the screensaver shouldnt lock the screen, when sysrq is
enabled (and output a warning message).
Hi,
just for the record, it IS possible to prevent a process from being killed by
the OOM-killer:
| 3.1 /proc/pid/oom_adj - Adjust the oom-killer score
| --
|
| This file can be used to adjust the score used to select which processes
| should
On Thu, Jan 7, 2010 at 16:39:05 +0100, Holger Levsen wrote:
IMO either the screensaver should disable sysrq while it's locked (and enable
it after locking) or the screensaver shouldnt lock the screen, when sysrq is
enabled (and output a warning message).
X screen savers don't run as root.
(and output a warning message).
X screen savers don't run as root.
there could be a setuid helper binary only doing what Uli proposed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562884#34
(I assume by 'sysrq' you mean the
oom killer.)
yes.
cheers,
Holger
signature.asc
Description
On 2009-12-29 05:07, Nico Golde wrote:
Hi,
* Lars Olav Dybsjord lar...@ping.uio.no [2009-12-28 21:23]:
I'm a bit new to this bugreporting stuff. I have however discovered that it
is possible to kill xscreensaver with Alt+SysRq+F (if this function is not
disabled). This may comprimise
Hi,
echo 447 /proc/sys/kernel/sysrq
works as a hotfix by disabling sysrq+f on affected machines.
Note: Gnome screensaver is vulnerable as well.
--
Håvard Espeland
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Package: xscreensaver
Version: 4.24-5
Severity: grave
Tags: security
Justification: user security hole
Hi,
I'm a bit new to this bugreporting stuff. I have however discovered that it
is possible to kill xscreensaver with Alt+SysRq+F (if this function is not
disabled). This may comprimise
Hi,
* Lars Olav Dybsjord lar...@ping.uio.no [2009-12-28 21:23]:
I'm a bit new to this bugreporting stuff. I have however discovered that it
is possible to kill xscreensaver with Alt+SysRq+F (if this function is not
disabled). This may comprimise security when xscreensaver-command is used
with
15 matches
Mail list logo
