On Sat, Nov 15, 2003 at 04:39:56PM -0500, Ric Messier wrote:
> Bit of a red herring, actually. If I can walk up to your system, it won't
> matter whether I can hit Ctrl-Alt-Bksp to get into your account or not. If I
> have physical access to your box, I own it. Period.
>
> Ric
>
> > -----Original Message-----
> > From: Mark Knecht [mailto:[EMAIL PROTECTED]
> > Sent: Friday, November 14, 2003 11:51 PM
> > To: Gentoo-User
> >
> > On Fri, 2003-11-14 at 20:24, Andrew Gaffney wrote:
> > > Mark Knecht wrote:
> > > > Hi,
> > > > Found this issue and tried it twice tonight on two
> > > > different machines.
> > > >
> > > > With xscreensaver locked and waiting for your password,
> > > > I walk up and hit Alt-Ctrl-Backspace. It kills X and
> > > > drops me into the console as you.
> > > >
> > > > At this point I have your account.

So you are having people run xinit on their own then? If you run
xdm/gdm/kdm instead, the user will normally not login at the console,
so killing X won't yield access.

> > > > I guess this is an XFree issue? Is there a way to
> > > > configure XFree to not do this? Or is this an
> > > > xscreensaver issue. Should it trap the key sequence and
> > > > do nothing?
> > > >
> > > > Is this a known bug? It seems quite dangerous to me.
> > >
> > > From 'man XF86Config':
> > >
> > > Option "DontZap" "boolean"
> > >     This disallows the use of the Ctrl+Alt+Backspace sequence.
> > >     That sequence is normally used to terminate the X server.
> > >     When this option is enabled, that key sequence has no
> > >     special meaning and is passed to clients. Default: off.

You might also want to use DontVTSwitch. From the same man page:

    Option "DontVTSwitch" "boolean"
        This disallows the use of the Ctrl+Alt+Fn sequence (where Fn
        refers to one of the numbered function keys). That sequence is
        normally used to switch to another virtual terminal on operating
        systems that have this feature. When this option is enabled,
        that key sequence has no special meaning and is passed to
        clients. Default: off.

- richard

--
Richard Kilgore
[EMAIL PROTECTED]

--
[EMAIL PROTECTED] mailing list
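
A check for the two options quoted in the thread, added here as an example and not part of the original messages: it reports whether DontZap and DontVTSwitch are enabled in an XF86Config-style file. The function names are hypothetical, and the script assumes the options sit in the "ServerFlags" section, where the XF86Config man page documents them.

```shell
#!/bin/sh
# Added example: audit an XF86Config-style file for the two options
# discussed in the thread. Function names are hypothetical.

# xf86_flag_enabled FILE FLAG -> exit 0 if FLAG is on in Section "ServerFlags"
xf86_flag_enabled() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); in_sf = 0; on = 0 }
        { sub(/#.*/, "") }                        # drop comments
        tolower($1) == "section" {
            in_sf = (tolower($0) ~ /"serverflags"/)
            next
        }
        tolower($1) == "endsection" { in_sf = 0; next }
        in_sf && tolower($1) == "option" {
            n = split($0, q, "\"")                # q[2] = name, q[4] = value
            name = tolower(q[2])
            gsub(/[ _]/, "", name)                # names ignore case, spaces, underscores
            if (name != want) next
            val = (n >= 4) ? tolower(q[4]) : ""
            # a bare option, or 1/on/true/yes, means enabled; last setting wins
            on = (val == "" || val == "1" || val == "on" || val == "true" || val == "yes")
        }
        END { exit(on ? 0 : 1) }
    ' "$1"
}

# audit_x_lock_bypass FILE -> one line per option; exit 1 if either is off
audit_x_lock_bypass() {
    rc=0
    for flag in DontZap DontVTSwitch; do
        if xf86_flag_enabled "$1" "$flag"; then
            echo "OK   $flag enabled"
        else
            echo "WARN $flag not enabled"
            rc=1
        fi
    done
    return $rc
}
```

Both options default to off, so a file that does not mention them is reported as WARN.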