Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Jan 2012 22:18:59 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Gu1 <gu1@...sortium-of-pwners.net>
Subject: Re: Screen locking programs on Xorg 1.11

On 01/18/2012 05:03 PM, Gu1 wrote:
> Hi,
> I recently found out that it is possible to kill a screensaver/screen
> locker program on the latest version of Xorg (1.11 shipped with
> archlinux, debian wheezy..) using the Ctrl+Alt+Multiply key binding.
>
> This behavior seems to have been introduced in a recent commit[1] and i
> couldn't find a way to disable it.
>
> All screen locking programs i tested (gnome-screensaver, kscreenlocker,
> slock, slimlock...), are basically rendered useless.
>
> Not sure if this is a bug or a feature... :)
>
>
> [1]:
> http://cgit.freedesktop.org/xorg/xserver/commit/?id=7d2543a3cb3089241982ce4f8984fd723d5312a1
>
Confirmed. Please use CVE-2012-0064 for this issue.

-- 

-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ