[arch-general] FS#28008 - Bypass screensaver/locker program on xorg 1.11 and up
Florian Pritz
bluewind at xinu.at
Fri Jan 20 02:10:34 EST 2012
On 20.01.2012 02:18, David J. Haines wrote:
> On Thu, Jan 19, 2012 at 8:08 PM, Tavian Barnes
> <tavianator at tavianator.com> wrote:
>> On 19 January 2012 18:23, Dmitry Korzhevin <dkorzhevin at lsupport.net> wrote:
>>> a funny bug in the Xorg server that could allow attackers with physical
>>> access to a machine to bypass the screensaver/screen locker program.
>>> Most people use those programs to lock their computer when they are
>>> away. On Gnome, gnome-screensaver is responsible for this. On KDE,
>>> kscreenlocker is. There is a wide variety of smaller tools doing the
>>> same thing, e.g. slock, slimlock, i3lock...
>>>
>>> Read more:
>>> http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up
>>>
>>> ctrl+atl+*(on num lock keyboard) confirmed and work in arch linux.
>>
>> IMO, it's not an X.Org or configuration bug, it's a bug in all the
>> screen lockers.
>>
>> http://seclists.org/oss-sec/2012/q1/217
>>
>> --
>> Tavian Barnes
>
> No Happy Hacking Keyboard (1996 IBM Model M, baby!), but I do use a
> custom keyboard layout that allows me to type international letters
> and switch entirely to a phonetic Cyrillic layout.
Please check if your custom layout contains the string "XF86_ClearGrab"
(maybe also without the underscore) and if yes, replace it with
"NoSymbol". Don't forget to reload it afterwards.
--
Florian Pritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20120120/e5f028cc/attachment.asc>
More information about the arch-general
mailing list