Date: Mon, 29 Sep 2014 10:59:23 -0400 From: Daniel Kahn Gillmor <dkg@...thhorseman.net> To: oss-security@...ts.openwall.com Subject: gnome-shell lockscreen bypass with printscreen key hi OSS-security folks-- gnome-shell currently handles the lockscreen for modern versions of gnome. gnome-shell also handles the "take a screenshot" action, which is mapped by default to the prtsc key. the prtsc key is not disabled when the screen is locked. taking a bunch of screenshots at once bloats gnome-shell to the point where it's pretty easy to get it targeted by the kernel's oom-killer. This means that anyone with access to the keyboard of a locked GNOME session can (briefly) disable the lockscreen, which lets them see and interact with the running gnome session: https://bugzilla.gnome.org/show_bug.cgi?id=737456 It looks like fixes are targeted for GNOME 3.14.1. Regards, --dkg Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.