On 2009-12-29 05:07, Nico Golde wrote: > Hi, > * Lars Olav Dybsjord <lar...@ping.uio.no> [2009-12-28 21:23]: > > I'm a bit new to this bugreporting stuff. I have however discovered that it > > is possible to kill xscreensaver with Alt+SysRq+F (if this function is not > > disabled). This may comprimise security when xscreensaver-command is used > > with the -lock option, because the screen will be unlocked. > > > > gnome-screensaver seems not to be vulnerable to this attack.
It seems i was wrong about this. gnome-screensaver is also vulnerable to this attack. > > This is not really an xscreensaver bug though I realize how much this sucks > in > practice. The problem is the kernel oomkiller is killing the process with the > highest "rank" which is very likely to be xscreensaver if the screen is > locked. Unless I miss something (please note that I am not too much into X11) > there is no way to prevent it unless switching of the sysrq feature or > reforking died child processes. > > I am a bit unsure how to handle this, of course from a user perspective this > needs to be solved. Cced the rest of the team to get some more input. > > Cheers > Nico > -- > Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA > For security reasons, all text in this mail is double-rot13 encrypted. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
