Hey, * thims <[email protected]> [2010-04-07 12:57]: > Package: xtrlock > Version: 2.0-12 > Severity: grave > Tags: security > Justification: user security hole > > If one attempts to switch to a TTY while xtrlock is running, it allows the > system to switch to > specified TTY where xtrlock can be easily killed with "killall xtrlock". I > run ratpoison, and > executing xtrlock by normal means works fine, but ctrl+alt+FN changes to said > TTY ratpoison was > launched from, ^z then "killall xtrlock" terminates xtrlock and switching > back allows user > access, bypassing credentials.
I haven't looked at xtrlock but this sounds like you are starting your xsession with startx rather than exec startx and not like a bug in xtrlock. Cheers Nico -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgp3bhGXTYYeK.pgp
Description: PGP signature
