On 4/7/10, Nico Golde <n...@debian.org> wrote:
> Hey,
> * thims <root.pac...@gmail.com> [2010-04-07 12:57]:
>> Package: xtrlock
>> Version: 2.0-12
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> If one attempts to switch to a TTY while xtrlock is running, it allows the
>> system to switch to specified TTY where xtrlock can be easily killed with
>> "killall xtrlock". I run ratpoison, and executing xtrlock by normal means
>> works fine, but ctrl+alt+FN changes to said TTY ratpoison was launched from,
>> ^z then "killall xtrlock" terminates xtrlock and switching back allows user
>> access, bypassing credentials.
>
> I haven't looked at xtrlock but this sounds like you are starting your
> xsession with startx rather than exec startx and not like a bug in xtrlock.
>
> Cheers
> Nico
> --
> Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
> For security reasons, all text in this mail is double-rot13 encrypted.
>
Yes I am. I think I just expect xtrlock to manage all keystrokes to
prevent any unwanted strokes. Yes, I could initiate my WM differently,
but to me logic says xtrlock should also handle all keystrokes. I am
poking around the source, so we shall see. Thanks.



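The startx versus exec startx distinction raised in the thread, as an added example that is not part of the original messages: with plain startx the login shell stays alive on the launching TTY as the parent of startx, while exec startx replaces that shell. The function below flags such leftover shells from ps output; the function name and the sample process table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find login shells left behind a
# plain "startx". Input is "PID PPID TTY COMM" per line, as produced by
#   ps -eo pid=,ppid=,tty=,comm=
# Output is "TTY PID COMM" for every shell that is still the parent of startx.
find_unexeced_startx() {
    awk '
        NF >= 4 { ppid[$1] = $2; tty[$1] = $3; comm[$1] = $4 }
        END {
            for (p in comm) {
                if (comm[p] != "startx") continue
                parent = ppid[p]
                # With "exec startx" the shell is replaced, so the parent of
                # startx is login/getty. A shell here means no exec was used.
                if ((parent in comm) && comm[parent] ~ /^-?(ba|da|z|k)?sh$/)
                    print tty[parent], parent, comm[parent]
            }
        }
    ' | sort
}

# Constructed sample: tty1 uses plain "startx", tty2 uses "exec startx".
SAMPLE_PS='900 1 tty1 login
901 900 tty1 bash
950 901 tty1 startx
951 950 tty1 xinit
952 951 tty7 Xorg
960 951 tty1 ratpoison
970 960 tty1 xtrlock
1000 1 tty2 login
1001 1000 tty2 startx
1002 1001 tty2 xinit'

printf '%s\n' "$SAMPLE_PS" | find_unexeced_startx
```

On a live system, pipe the ps command from the header comment into the function; any line it prints names a TTY where a suspended X session drops to a usable shell.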