Package: hibernate
Version: 1.99-1
Severity: grave
Tags: security
Justification: user security hole

Hi,

I just noticed that for some reason the X session is not locked after a
successful resume, which causes a serious security problem in my opinion.

yours
albert

-- Package-specific info:
--- configuration
==> /etc/hibernate/common.conf <==
Verbosity 0
LogFile /var/log/hibernate.log
LogVerbosity 4
Distribution debian
SaveClock restore-only
IbmAcpi yes
LockXLock yes
OnResume 20 /usr/sbin/anacron -s
UnloadBlacklistedModules yes
LoadModules auto
PauseAudio yes
EjectCards yes
RestartServices laptop-mode
RestartServices cron
SwitchToTextMode yes

==> /etc/hibernate/disk.conf <==
TryMethod ususpend-disk.conf
TryMethod sysfs-disk.conf

==> /etc/hibernate/hibernate.conf <==
TryMethod suspend2.conf
TryMethod disk.conf
TryMethod ram.conf

==> /etc/hibernate/ram.conf <==
TryMethod ususpend-ram.conf
TryMethod sysfs-ram.conf

==> /etc/hibernate/suspend2.conf <==
UseSuspend2 yes
Reboot no
EnableEscape yes
DefaultConsoleLevel 1
Compressor lzf
Encryptor none
FullSpeedCPU yes
Include common.conf

==> /etc/hibernate/sysfs-disk.conf <==
UseSysfsPowerState disk
Include common.conf

==> /etc/hibernate/sysfs-ram.conf <==
UseSysfsPowerState mem
Include common.conf

==> /etc/hibernate/ususpend-both.conf <==
USuspendMethod both
Include common.conf

==> /etc/hibernate/ususpend-disk.conf <==
USuspendMethod disk
Include common.conf

==> /etc/hibernate/ususpend-ram.conf <==
USuspendMethod ram
Include common.conf

--- /sys/power
==> /sys/power/disk <==
[platform] test testproc shutdown reboot

==> /sys/power/image_size <==
973892157

==> /sys/power/resume <==
254:6

==> /sys/power/state <==
mem disk

--- log
http://albertd.nicenamecrew.com/hibernate.log.bz2

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages hibernate depends on:
ii  kbd            1.14.1-4   Linux console font and keytable ut

Versions of packages hibernate recommends:
ii  dash           0.5.4-12   POSIX-compliant shell
ii  hdparm         8.9-2      tune hard disk parameters for high
ii  uswsusp        0.8-1.1    tools to use userspace software su
ii  vbetool        1.0-3      run real-mode video BIOS code to a

Versions of packages hibernate suggests:
pn  915resolution  <none>     (no description available)
ii  xscreensaver   5.05-3     Automatic screensaver for X

-- no debconf information