[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Am I missing something or is this a HUGE security flaw?

Joey Hess writes:
 > Luiz Otavio L. Zorzella wrote:
 > > If someone told me he could enter in my accout if I left my screen
 > > locked I would say he's nuts, but that's exactly what I found out.
 > > 
 > > It is a simple combinated use of X and xlock when xdm isn't used.
 > > 
 > > How? Let's say someone simply locks his computer with xlock.
 > > 
 > > All you need to do is change to text virtual console 1 with
 > > CTRL-ALT-F1 (or whatever console X was started in) and press
 > > CTRL-C. That will kill X and give you the person's login.
 > > 
 > > Am I missing something?
 > 
 > Don't start X that way.
 >

This is a no-answer. Starting X from the console is a valid -- and
even prefered, IMHO -- way of starting X. If I *need* to use xdm, I'll
always have to have the memory-eating "X", which seems unaceptable for
me, if I'm not using X.

-- 
Luiz Otavio L. Zorzella                 Product Engineer
zorzella@conexware.com          http://www.conexware.com


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: