
Bug#434227: kdm: autologin: auto-lock fails when switching terminals



Package: kdm
Version: 4:3.5.7-1
Severity: grave
Tags: security
Justification: user security hole


When using KDM with AutoLoginEnable=true and AutoLoginLocked=true,
and using a KDE session, the session lock can be avoided by switching
virtual consoles before the autologin starts (e.g.  while the X
server is still starting up, or during the AutoLoginDelay).

Regards,

Rogier.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-3-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages kdm depends on:
ii  debconf [debconf-2.0]   1.5.13           Debian configuration management sy
ii  kdebase-bin             4:3.5.7-1        core binaries for the KDE base mod
ii  kdebase-data            4:3.5.7-1        shared data files for the KDE base
ii  kdelibs4c2a             4:3.5.7.dfsg.1-1 core libraries and binaries for al
ii  libc6                   2.5-9+b1         GNU C Library: Shared libraries
ii  libgcc1                 1:4.2-20070627-1 GCC support library
ii  libpam-runtime          0.79-4           Runtime support for the PAM librar
ii  libpam0g                0.79-4           Pluggable Authentication Modules l
ii  libqt3-mt               3:3.3.7-5        Qt GUI Library (Threaded runtime v
ii  libstdc++6              4.2-20070627-1   The GNU Standard C++ Library v3
ii  libx11-6                2:1.0.3-7        X11 client-side library
ii  libxau6                 1:1.0.3-2        X11 authorisation library
ii  libxdmcp6               1:1.0.2-2        X11 Display Manager Control Protoc
ii  libxtst6                1:1.0.2-1        X11 Testing -- Resource extension 
ii  xbase-clients           1:7.2.ds2-2      miscellaneous X clients

Versions of packages kdm recommends:
ii  logrotate                     3.7.1-3    Log rotation utility

-- debconf information:
  kdm/stop_running_server_with_children: false
* shared/default-x-display-manager: kdm
  kdm/daemon_name: /usr/bin/kdm
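
A configuration check for the setup described in the report, as an added example that is not part of the original message or of kdm itself: it flags kdmrc sections where autologin is enabled and the session lock (AutoLoginLocked) is the only barrier, and reports the AutoLoginDelay window. The section names, the sample file contents and the function names are assumptions made for illustration; only the three AutoLogin keys come from the report.

```python
# Constructed sample kdmrc, not taken from the bug report; section names are assumed.
SAMPLE_KDMRC = """\
[General]
ConfigVersion=2.3

[X-:0-Core]
AutoLoginEnable=true
AutoLoginLocked=true
AutoLoginDelay=10

[X-:1-Core]
AutoLoginEnable=false
AutoLoginLocked=true
"""

def parse_sections(text):
    """Parse INI-style text into {section: {key: value}}; a repeated key keeps the last value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def is_true(value):
    return value.strip().lower() == "true"

def audit_kdmrc(text):
    """Return (section, delay_seconds) for each section that autologs in and relies on the lock."""
    findings = []
    for name, keys in parse_sections(text).items():
        if is_true(keys.get("AutoLoginEnable", "")) and is_true(keys.get("AutoLoginLocked", "")):
            delay = keys.get("AutoLoginDelay", "")
            # A missing or non-numeric delay is treated as 0 (assumption).
            findings.append((name, int(delay) if delay.isdigit() else 0))
    return findings

if __name__ == "__main__":
    for section, delay in audit_kdmrc(SAMPLE_KDMRC):
        print(f"[{section}] autologin relies on session lock; AutoLoginDelay={delay}s")
```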


