[arch-general] FS#28008 - Bypass screensaver/locker program on xorg 1.11 and up

David J. Haines dhaines at gmail.com
Thu Jan 19 20:18:27 EST 2012


On Thu, Jan 19, 2012 at 8:08 PM, Tavian Barnes
<tavianator at tavianator.com> wrote:
> On 19 January 2012 18:23, Dmitry Korzhevin <dkorzhevin at lsupport.net> wrote:
>> a funny bug in the Xorg server that could allow attackers with physical
>> access to a machine to bypass the screensaver/screen locker program.
>> Most people use those programs to lock their computer when they are
>> away. On Gnome, gnome-screensaver is responsible for this. On KDE,
>> kscreenlocker is. There is a wide variety of smaller tools doing the
>> same thing, e.g. slock, slimlock, i3lock...
>>
>> Read more:
>> http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up
>>
>> ctrl+alt+* (on num lock keyboard) confirmed and works in Arch Linux.
>
> IMO, it's not an X.Org or configuration bug, it's a bug in all the
> screen lockers.
>
> http://seclists.org/oss-sec/2012/q1/217
>
> --
> Tavian Barnes

No Happy Hacking Keyboard (1996 IBM Model M, baby!), but I do use a
custom keyboard layout that allows me to type international letters
and switch entirely to a phonetic Cyrillic layout.

In playing about, it looks like if your WM (or another program?) grabs
the alt key, as does xmonad by default, then the combination won't
produce the result. I have Caps Lock send mod4mask (the Windows key),
have left Alt send Alt, and right Alt send AltGr. I can kill
xscreensaver with Ctrl-Left Alt-Keypad *, but not with Right Alt,
which would make sense given the keyboard setup.

In the end, though, I think Tavian is right. Before they reintroduced
this feature, it was up to applications to disable it themselves,
IIRC.

