Hi KDE users, anyone has experiment something like this:
On Fri, Mar 30, 2007 at 03:39:02PM +0100, Sheridan Hutchinson wrote: > Package: klaptopdaemon > Version: 4:3.5.5-3 > Severity: grave > Tags: security > Justification: user security hole > > Hi, I'm using Etch RC2 and I use klaptopdaemon to lock and hibernate my > laptop when I noticed an interesting little bug. I access lock and > hibernate by right-clicking on the system tray icon and clicking on the > option there. > > Depending on the load on the system, klaptopdaemon appears to be > allowing somone unhibernating a locked & hibernated system, brief access > to the desktop. > > The first time that I noticed this I was able to start accessing a > previously opened terminal and got 'ls -la' into the terminal, and to > get the directory listing, before the screenlock was brought up. > > I have tried to replicate this and catch it on my phone camera, although > I have been unable to replicate the system load of the first time I > caught it. However, I attach move00064.3gp which is video of me > trying to replicate this, and you can see that just after coming out of > hibernate and once the X scree is brough back up, you can see a flash of > my desktop. When I first noticed this bug, I believe my system was > under considerable load and I was able to interfere with the desktop at > my leisure, until the screenlock was brought up. > > As a recollection, Windows NT 3.xx had a bug like this in the distant > past, and that knowlege brought me to notice this flaw. > > I will do further experiments with system load and other factors to see > if I can get access to desktop for a prolonged period of time again. If > I was able to get up a terminal, and it was root logged on, presumably I > could kill off the process that would launch the screenlock before it > had a chance and have my wicked way with the desktop? > > FYI I'm using an IBM Thinkpad X40. > > I hope this helps! > > > -- System Information: > Debian Release: 4.0 > APT prefers testing > APT policy: (500, 'testing') > Architecture: i386 (i686) > Shell: /bin/sh linked to /bin/bash > Kernel: Linux 2.6.18 > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) > > Versions of packages klaptopdaemon depends on: > ii kdelibs4c2a 4:3.5.5a.dfsg.1-6 core libraries and binaries for > al > ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries > ii libgcc1 1:4.1.1-21 GCC support library > ii libqt3-mt 3:3.3.7-3 Qt GUI Library (Threaded runtime > v > ii libstdc++6 4.1.1-21 The GNU Standard C++ Library v3 > ii libxtst6 1:1.0.1-5 X11 Testing -- Resource > extension > > klaptopdaemon recommends no packages. > > -- no debconf information You can read the full bug report (and download the video) from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416824 Thanks, Ana -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
