-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Maybe AutoRelogin should also turn off Ctrl-Alt-Backspace. Or you can do it yourself.
In /etc/X11/XF86Config-4:
Section "ServerFlags"
DontZap
EndSection
Danny
On Wednesday 13 February 2002 19:46, you wrote:
> --- Stephane Gourichon <[EMAIL PROTECTED]>
>
> wrote:
> > Hello,
> >
> > Mandrake 8.1 introduced a new feature, through the
> > new kdm: AutoReLogin.
> > It is supposed to build back the user session if X
> > crashes (or
> > Ctrl-Alt-Backspace is pressed, which is a handy way
> > not to wait for
> > eons for KDE to start when one actually wants
> > everything else but KDE,
> > but sometimes the default goes back to starting KDE
> > anyway).
> >
> >
> > Be aware that this opens a security hole !
> >
> > Whenever a screen is xlocked (xscreensaver, etc...),
> > anyone just has to
> > press Ctrl-Alt-Backspace to get re-logged in as the
> > previous user, but
> > without the screen locked. (See
>
> http://www.google.com/search?q=autorelogin%20security)
>
> > IMO, this should be turned off by default!
> > (AutoReLogin=false in kdmrc)
>
> or maybe made a bit smarter, such as if password
> authentication is checked in Xscreensaver then when it
> autorelogins the Xsceensaver is automatically
> activated. Or maybe send it to the screensaver
> automatically regardless.
>
> > Perhaps, after disabling it by default, Mandrake may
> > consider turning
> > the default back to "on" in low security levels
> > and/or if autologin is
> > set to true.
> >
> > (I don't know, if it is fixed in 8.2, and I can't
> > test now.)
> >
> > Thanks.
> >
> > --
> > Stéphane Gourichon - Labo. d'Informatique de Paris 6
> > - AnimatLab
> > http://animatlab.lip6.fr - philo du dimanche
> > http://amphi-gouri.org/
> >
> > "Bonjour, je suis qu'une phrase entre guillemets
> > dans une signature,
> > mais si vous me recopiez dans votre signature
> > automatique d'e-mail,
> > alors je pourrai continuer à me reproduire comme un
> > virus. Merci !"
>
> =====
> SI Reasoning
> [EMAIL PROTECTED]
>
> "To announce that there must be no criticism of the president or that we
> are to stand by the president, right or wrong, is not only unpatriotic and
> servile, but is morally treasonable to the American public." Theodore
> Roosevelt
>
> __________________________________________________
> Do You Yahoo!?
> Send FREE Valentine eCards with Yahoo! Greetings!
> http://greetings.yahoo.com
- --
"`Credit?' he said. `Aaaargggh...'
These two words are usually coupled together in the Old
Pink Dog Bar."
- - Ford in a spot of bother.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8ar38aeiN+EU2vEIRAl1XAKChUmHQ/g6Bmf6ydN5Z7y9RLCcfDACfSvbi
PgQMJo3XWq3rBiOCVAwzGDs=
=diM0
-----END PGP SIGNATURE-----
