An Easy But Serious Screensaver Security Problem In X.Org
-
Originally posted by phoronix:
Phoronix: An Easy But Serious Screensaver Security Problem In X.Org
I've been alerted this afternoon that there's an outstanding security vulnerability within the current X.Org Server that's receiving little attention. This active vulnerability could allow anyone with physical access to your system to easily bypass the desktop's screen lock regardless of your desktop environment...
http://www.phoronix.com/vr.php?view=MTA0NTA
-
The X screen locker has always been a suboptimal hack.
KDE 4.8 (to be released on 25th Jan) already ditches the X screen locker for one integrated with the compositor. This just goes to show what a good move that is.
-
Originally posted by cynyr:
Hmm, I don't have a keypad on my keyboard (mini Apple Aluminum wired keyboard same layout as the bluetooth one now) so this doesn't seem to work. Also I'm still running xorg-server-1.10 here on my Gentoo install due to some issues with the newer nvidia drivers, wine, and Team Fortress 2.
How do I check to see if my XKB has the default debugging, without the affected xorg-server and without a keypad?
interpret XF86_Ungrab {
    action = Private(type=0x86, data=[stuff in hex]);
};
interpret XF86_ClearGrab {
    action = Private(type=0x86, data=[more stuff in hex]);
};
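One way to run the check asked about above without pressing any keys, as an added example that is not part of the thread: scan a text dump of the active keymap for the two keysyms in the reply, reporting both their `interpret` entries and any key that carries them. It assumes the dump comes from `xkbcomp -xkb "$DISPLAY" -`; the function name `find_debug_actions` is hypothetical and the sample keymap is constructed, not taken from a real system.

```python
import re
import sys

# Keysyms named in the reply above.
DEBUG_KEYSYMS = ("XF86_Ungrab", "XF86_ClearGrab")

# Constructed sample shaped like a keymap dump (assumption, not real output).
SAMPLE_KEYMAP = """
xkb_compatibility "complete" {
    interpret XF86_Ungrab+AnyOfOrNone(all) {
        action= Private(type=0x86,data[0]=0x00);
    };
    interpret XF86_ClearGrab+AnyOfOrNone(all) {
        action= Private(type=0x86,data[0]=0x00);
    };
};
xkb_symbols "pc+us" {
    key <KPMU> {
        type= "CTRL+ALT",
        symbols[Group1]= [ KP_Multiply, KP_Multiply, KP_Multiply, KP_Multiply, XF86_ClearGrab ]
    };
    key <KP7> { [ KP_Home, KP_7 ] };
};
"""

INTERPRET_RE = re.compile(r"interpret\s+(\w+)[^{]*\{(.*?)\};", re.S)
KEY_RE = re.compile(r"key\s+<(\w+)>\s*\{(.*?)\};", re.S)

def find_debug_actions(keymap_text):
    """Return (interpret entries, key bindings) that reference the debug keysyms."""
    interprets = {}
    for sym, body in INTERPRET_RE.findall(keymap_text):
        if sym in DEBUG_KEYSYMS:
            m = re.search(r"action\s*=\s*(\w+)", body)
            interprets[sym] = m.group(1) if m else None
    bound_keys = {}
    for key, body in KEY_RE.findall(keymap_text):
        hits = [s for s in DEBUG_KEYSYMS if re.search(r"\b%s\b" % s, body)]
        if hits:
            bound_keys[key] = hits
    return interprets, bound_keys

if __name__ == "__main__":
    # Pipe a real dump on stdin; with no pipe, the constructed sample is used.
    text = SAMPLE_KEYMAP if sys.stdin.isatty() else sys.stdin.read()
    interprets, bound_keys = find_debug_actions(text)
    for sym, action in interprets.items():
        print("interpret %s -> action %s" % (sym, action))
    for key, syms in bound_keys.items():
        print("key <%s> carries %s" % (key, ", ".join(syms)))
    if not bound_keys:
        print("no key in this keymap carries the debug keysyms")
```

An `interpret` entry with no key carrying the keysym means the action is defined but nothing on the keyboard produces it.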
-
Hmm, I don't have a keypad on my keyboard (mini Apple Aluminum wired keyboard same layout as the bluetooth one now) so this doesn't seem to work. Also I'm still running xorg-server-1.10 here on my Gentoo install due to some issues with the newer nvidia drivers, wine, and Team Fortress 2.
How do I check to see if my XKB has the default debugging, without the affected xorg-server and without a keypad?
-
@mcdebugger
Better: set a hd pw in the bios if possible. Even better: get a hd/ssd with integrated encryption. Even without that removing the hd and connecting to another pc will not allow immediate access to modify data. That could be done only by professionals.
@korpenkraxar
Most likely you need the fn key to get the blue *.
Last edited by Kano; 19 January 2012, 05:56 PM.
-
Arch Linux, Gnome 3, xkeyboard-config version 2.4.1-2 (w/o the patch), Thinkpad W500 with a Swedish laptop. I have not been able to unlock the screen. What log file is supposedly printed to? Hmm, which is Keypad-Multiply on this keyboard?
-
Originally posted by not.sure:
Unless you have your disk encrypted, then when you reboot you're exactly nobody (sure, you can manipulate the kernel but let's not go there..).
In addition to crypted storage this may be a little nervous for attacker.
-
Originally posted by Kano:
Well it does not expose root rights until you have got a root terminal open all the time. But when you reboot with correct options you are root.
Btw also fixed in Debian unstable now http://packages.qa.debian.org/x/xorg...9T101901Z.html
-
(not obviously counting APT where after getting root he will install a keylogger etc, but someone passing by when you go get something)