Hey,
* thims <root.pac...@gmail.com> [2010-04-07 12:57]:
> Package: xtrlock
> Version: 2.0-12
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> If one attempts to switch to a TTY while xtrlock is running, it allows the
> system to switch to specified TTY where xtrlock can be easily killed with
> "killall xtrlock". I run ratpoison, and executing xtrlock by normal means
> works fine, but ctrl+alt+FN changes to said TTY ratpoison was launched from,
> ^z then "killall xtrlock" terminates xtrlock and switching back allows user
> access, bypassing credentials.

I haven't looked at xtrlock but this sounds like you are starting your 
xsession with startx rather than exec startx and not like a bug in xtrlock.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
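
A check for the condition described in the reply above, added here as an example and not part of the original mail or of xtrlock: it reports X sessions whose launching shell is still alive on a text console, which is what happens with `startx` and not with `exec startx`. The function name, the list of shell names and both process tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads "PID PPID TTY COMM" rows, one process per line, e.g.
#   ps -eo pid=,ppid=,tty=,comm= | find_exposed_x_sessions
# and prints one line per X session whose launching shell is still running on
# a text console (the session was started with "startx", not "exec startx").
find_exposed_x_sessions() {
    awk '
        { ppid[$1] = $2; tty[$1] = $3; comm[$1] = $4 }
        END {
            for (p in comm) {
                if (comm[p] != "startx" && comm[p] != "xinit") continue
                parent = ppid[p]
                if (!(parent in comm)) continue
                # xinit under startx: the startx row already covers this session.
                if (comm[parent] == "startx") continue
                # Assumption: these names cover the interactive shells in use.
                if (comm[parent] !~ /^-?(ba|da|z|k|c|tc)?sh$/) continue
                if (tty[parent] !~ /^tty[0-9]+$/) continue
                printf "%s shell=%s(pid %s) child=%s(pid %s)\n", tty[parent], comm[parent], parent, comm[p], p
            }
        }
    ' | sort
}

# Constructed process table: bash stays on tty1 behind the session ("startx").
sample_without_exec() {
    cat <<'EOF'
 900    1 ?    login
1001  900 tty1 bash
1050 1001 tty1 startx
1051 1050 tty1 xinit
1052 1051 tty7 Xorg
1060 1051 tty1 ratpoison
1070 1060 tty1 xtrlock
EOF
}

# Constructed process table: the shell was replaced ("exec startx").
sample_with_exec() {
    cat <<'EOF'
 900    1 ?    login
1001  900 tty1 startx
1051 1001 tty1 xinit
1052 1051 tty7 Xorg
1060 1051 tty1 ratpoison
1070 1060 tty1 xtrlock
EOF
}

sample_without_exec | find_exposed_x_sessions
```

An empty result means no shell is left on the console to drop back into after switching TTYs and suspending the session.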
