Hello, This is not strictly a Gentoo issue, but since we have a good habit to report upstream bugs and security issues (and I use Gentoo), I wanted to run by a possible security hole to others.
When my machine is locked, I can still use an IR remote, running through lirc and programmed through irkick, as though the machine was unlocked. What likely security area this falls under is not very serious, as someone would need to program a remote control to do strange commands to have any sense of taking control of the machine, and said user must also be local. But, the IR remote should still be unresponsive when the machine is locked (similar to hot keys). I am using KDE 3.5.10, so it's possible this has been resolved in more recent versions. I assume irkick is to blame, but in principle it might be related to lirc. Does anyone have thoughts? Is this worth a security bug report? How would I determine if it's lirc or irkick, or should I just submit to Gentoo devs and maybe they would know better? Regards, daid
