Announcement

Collapse
No announcement yet.

An Easy But Serious Screensaver Security Problem In X.Org

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Hmm, I don't have a keypad on my keyboard (mini Apple Aluminum wired keyboard same layout as the bluetooth one now) so this doesn't seem to work. Also I'm still running xorg-server-1.10 here on my gentoo install due to some issues with the newer nvidia drivers, wine, and team fortress 2.

    How do I check to see if my XKB has the default debugging, without the effected xorg-server and without a keypad?

    Comment


    • #22
      Originally posted by cynyr View Post
      Hmm, I don't have a keypad on my keyboard (mini Apple Aluminum wired keyboard same layout as the bluetooth one now) so this doesn't seem to work. Also I'm still running xorg-server-1.10 here on my gentoo install due to some issues with the newer nvidia drivers, wine, and team fortress 2.

      How do I check to see if my XKB has the default debugging, without the effected xorg-server and without a keypad?
      Run 'xkbcomp -xkb :0 - | less' and look for a fragment like this:
      interpret XF86_Ungrab {
      action = Private(type=0x86, data=[stuff in hex]);
      };
      interpret XF86_ClearGrab {
      action = Private(type=0x86, data=[more stuff in hex]);
      };

      Comment


      • #23
        The X screen locker has always been a suboptimal hack.

        KDE 4.8 (to be released on 25th Jan) already ditches the X screen locker for one integrated with the compositor. This just goes to show what a good move that is.

        Comment


        • #24
          Originally posted by phoronix View Post
          Phoronix: An Easy But Serious Screensaver Security Problem In X.Org

          I've been alerted this afternoon that there's an outstanding security vulnerability within the current X.Org Server that's receiving little attention. This active vulnerability could allow anyone with physical access to your system to easily bypass the desktop's screen lock regardless of your desktop environment...

          http://www.phoronix.com/vr.php?view=MTA0NTA
          Even though Gentoo is listed, it was fixed the same day 19/01/12 in Portage for x86, amd64, hppa, arm: https://bugs.gentoo.org/399347

          Comment


          • #25
            There's been a blog post written about this by Peter Hutterer, for those interested.

            Comment

            Working...
            X