Date: Wed, 14 Jun 2006 04:00:48 +0400 From: Tarc <tarc@tarc.po.cs.msu.su> To: "Simon L. Nielsen" <simon@freebsd.org> Cc: freebsd-ports@freebsd.org Subject: Re: xlockmore - serious security issue Message-ID: <20060614000048.GM22799@tarc.po.cs.msu.su> In-Reply-To: <20060613234027.GC1074@zaphod.nitro.dk> References: <cb5206420606130418x706ccd61t5840bd2b0c00f61b@mail.gmail.com> <20060613113151.GC8105@heechee.tobez.org> <cb5206420606130454i2c4fac71m53c7b2d81839e7dd@mail.gmail.com> <200606131037.58401.amistry@am-productions.biz> <cb5206420606130751s65808df2rb39b2ebb163757c4@mail.gmail.com> <20060613234027.GC1074@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> FORBIDDEN and a VuXML entry seems in a way a bit overkill to me seems > a bit overkill to me, since it's not really a vulnerability, but I'm > open to input. > > As mentioned by others, xlockmore is fundamentally flawed > wrt. guaranteeing that the screen stays locked in that the > screensavers code can kill the lock, which it should not be able to > happen. > > Has anyone contacted the xlockmore author for comment on this issue? > > One thing we could do right now is to add a message at install time > warning that xlockmore might unlock the screen (a bit like the Pine > warning). > > -- > Simon L. Nielsen about signals: xlockmore catchs SIGINT SIGTERM SIGQUIT SIGSEGV SIGBUS SIGFPE and SIGHUP if compilled with debug. on these signals it lockout your display. But you can lock vt switching -- Best regards, Arseny Nasokin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060614000048.GM22799>