--- Stephane Gourichon <[EMAIL PROTECTED]> wrote:
> Hello,
> 
> Mandrake 8.1 introduced a new feature, through the new kdm: AutoReLogin.
> It is supposed to build back the user session if X crashes (or
> Ctrl-Alt-Backspace is pressed, which is a handy way not to wait for
> eons for KDE to start when one actually wants everything else but KDE,
> but sometimes the default goes back to starting KDE anyway).
> 
> 
> Be aware that this opens a security hole!
> 
> Whenever a screen is xlocked (xscreensaver, etc...), anyone just has to
> press Ctrl-Alt-Backspace to get re-logged in as the previous user, but
> without the screen locked. (See
> http://www.google.com/search?q=autorelogin%20security)
> 
> IMO, this should be turned off by default!
> (AutoReLogin=false in kdmrc)
> 

or maybe made a bit smarter, such as if password
authentication is checked in Xscreensaver then when it
autorelogins the Xscreensaver is automatically
activated. Or maybe send it to the screensaver
automatically regardless.



> 
> Perhaps, after disabling it by default, Mandrake may consider turning
> the default back to "on" in low security levels and/or if autologin is
> set to true.
> 
> (I don't know if it is fixed in 8.2, and I can't test now.)
> 
> Thanks.
> 
> -- 
> Stéphane Gourichon - Labo. d'Informatique de Paris 6 - AnimatLab
> http://animatlab.lip6.fr - Sunday philosophy http://amphi-gouri.org/
> 
> "Hello, I am only a sentence in quotation marks in a signature,
> but if you copy me into your automatic e-mail signature,
> then I will be able to keep reproducing like a virus. Thank you!"
> 
> 


=====
SI Reasoning
[EMAIL PROTECTED]

"To announce that there must be no criticism of the president or that we are to stand 
by the president, right or wrong, is not only unpatriotic and servile, but is morally 
treasonable to the American public."
Theodore Roosevelt
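
The `AutoReLogin=false` setting mentioned in the quoted message can be checked mechanically. The following is an added example, not part of the original thread and not KDE or Mandrake code: it audits the text of a kdmrc file for any section that leaves AutoReLogin enabled. The function names, the sample file contents, the section names and the set of values treated as "on" are assumptions made for illustration.

```python
import configparser

# Values treated as "on"; assumed to match how KDE config booleans are read.
TRUTHY = {"true", "on", "yes", "1"}

# Constructed sample in kdmrc's INI-style layout. Section names and the user
# name are illustrative assumptions, not copied from a real Mandrake install.
SAMPLE_KDMRC = """\
[General]
PidFile=/var/run/kdm.pid

[X-*-Core]
AutoReLogin=false

[X-:0-Core]
AutoLoginEnable=true
AutoLoginUser=alice
AutoReLogin=true
"""

def autorelogin_settings(text):
    """Map each section that sets AutoReLogin to True (on) or False (off)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",),
                                   comment_prefixes=("#",))
    cp.optionxform = str  # keep key case: AutoReLogin, not autorelogin
    cp.read_string(text)
    found = {}
    for section in cp.sections():
        value = cp[section].get("AutoReLogin")
        if value is not None:
            found[section] = value.strip().lower() in TRUTHY
    return found

def is_hardened(text):
    """True only if AutoReLogin is set explicitly and never enabled.

    A file that omits the key is not trusted, because the post reports the
    feature being active by default on Mandrake 8.1.
    """
    settings = autorelogin_settings(text)
    return bool(settings) and not any(settings.values())

if __name__ == "__main__":
    for section, enabled in autorelogin_settings(SAMPLE_KDMRC).items():
        print(f"[{section}] AutoReLogin={'ON (lock bypass risk)' if enabled else 'off'}")
    print("hardened:", is_hardened(SAMPLE_KDMRC))
```

On the constructed sample the per-display section re-enables the feature even though the wildcard section disables it, which is the case a single grep for `AutoReLogin=false` would miss.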
