Bug#576796: xtrlock can be bypassed using TTYs

Package: xtrlock
Version: 2.0-12
Severity: grave
Tags: security
Justification: user security hole

If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to the specified TTY, where xtrlock can be easily killed with killall xtrlock.

I run ratpoison, and executing xtrlock by normal means works fine, but ctrl+alt+FN changes to said TTY ratpoison was launched from; ^z then killall xtrlock terminates xtrlock, and switching back allows user access, bypassing credentials.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.33.1 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages xtrlock depends on:
ii  libc6     2.7-18lenny2  GNU C Library: Shared libraries
ii  libx11-6  2:1.1.5-2     X11 client-side library

xtrlock recommends no packages.

xtrlock suggests no packages.

-- no debconf information
Bug#576796: xtrlock can be bypassed using TTYs

Hey,
* thims <root.pac...@gmail.com> [2010-04-07 12:57]:
> Package: xtrlock
> Version: 2.0-12
> Severity: grave
> Tags: security
> Justification: user security hole
>
> If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to the specified TTY, where xtrlock can be easily killed with killall xtrlock.
>
> I run ratpoison, and executing xtrlock by normal means works fine, but ctrl+alt+FN changes to said TTY ratpoison was launched from; ^z then killall xtrlock terminates xtrlock, and switching back allows user access, bypassing credentials.

I haven't looked at xtrlock, but this sounds like you are starting your xsession with startx rather than exec startx, and not like a bug in xtrlock.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Bug#576796: xtrlock can be bypassed using TTYs

On 4/7/10, Nico Golde <n...@debian.org> wrote:
> Hey,
> * thims <root.pac...@gmail.com> [2010-04-07 12:57]:
>> Package: xtrlock
>> Version: 2.0-12
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to the specified TTY, where xtrlock can be easily killed with killall xtrlock.
>>
>> I run ratpoison, and executing xtrlock by normal means works fine, but ctrl+alt+FN changes to said TTY ratpoison was launched from; ^z then killall xtrlock terminates xtrlock, and switching back allows user access, bypassing credentials.
>
> I haven't looked at xtrlock, but this sounds like you are starting your xsession with startx rather than exec startx, and not like a bug in xtrlock.
>
> Cheers
> Nico
> -- 
> Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
> For security reasons, all text in this mail is double-rot13 encrypted.

Yes I am. I think I just expect xtrlock to manage all keystrokes to prevent any unwanted strokes. Yes, I could initiate my WM differently, but to me logic says xtrlock should also handle all keystrokes. I am poking around the source, so we shall see.

Thanks.
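Nico's diagnosis (a session launched with plain startx leaves the login shell alive on the virtual terminal, which is where ^z and killall land) can be checked on a running machine from the process tree. The POSIX sh/awk check below is an added example, not code from this thread or from the xtrlock package; it assumes the column layout of `ps -eo pid,ppid,tty,comm`, and the function name and the two sample process listings are constructed for illustration.

```shell
#!/bin/sh
# Detect an X session whose startx/xinit was launched from an interactive shell
# that is still alive on a virtual terminal (plain "startx" instead of
# "exec startx"). Input: text of `ps -eo pid,ppid,tty,comm`. Output: one
# "exposed:" line per such shell, or "ok" when none is found.
check_startx_shell() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ { ppid[$1] = $2; tty[$1] = $3; comm[$1] = $4 }
        END {
            for (p in comm) {
                if (comm[p] != "startx" && comm[p] != "xinit") continue
                q = ppid[p]
                if (!(q in comm)) continue
                # An interactive shell on ttyN is what ^Z drops the user into;
                # with "exec startx" the parent is login/getty instead.
                if (comm[q] ~ /^(sh|bash|dash|zsh|ksh|csh|tcsh|fish)$/ && tty[q] ~ /^tty[0-9]+$/) {
                    printf "exposed: %s (pid %s) on %s is the parent of %s\n", comm[q], q, tty[q], comm[p]
                    found = 1
                }
            }
            if (!found) print "ok"
        }'
}

# Constructed sample: session started with plain "startx" from bash on tty1.
SAMPLE_EXPOSED='  PID  PPID TT       COMMAND
 1000     1 tty1     login
 1001  1000 tty1     bash
 1002  1001 tty1     startx
 1003  1002 tty1     xinit
 1004  1003 tty7     Xorg
 1005  1003 tty1     ratpoison
 1006  1005 tty1     xtrlock'

# Constructed sample: the same session started with "exec startx" (bash replaced).
SAMPLE_SAFE='  PID  PPID TT       COMMAND
 1000     1 tty1     login
 1002  1000 tty1     startx
 1003  1002 tty1     xinit
 1004  1003 tty7     Xorg
 1005  1003 tty1     ratpoison
 1006  1005 tty1     xtrlock'

check_startx_shell "$SAMPLE_EXPOSED"   # exposed: bash (pid 1001) on tty1 is the parent of startx
check_startx_shell "$SAMPLE_SAFE"      # ok
```

On a live system run it as `check_startx_shell "$(ps -eo pid,ppid,tty,comm)"`; an "exposed:" line means the VT still holds a shell that survives the X lock, regardless of what xtrlock itself does.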