Re: Am I missing something or is this a HUGE security flaw?
Joey Hess writes:
> Luiz Otavio L. Zorzella wrote:
> > If someone told me he could enter in my accout if I left my screen
> > locked I would say he's nuts, but that's exactly what I found out.
> >
> > It is a simple combinated use of X and xlock when xdm isn't used.
> >
> > How? Let's say someone simply locks his computer with xlock.
> >
> > All you need to do is change to text virtual console 1 with
> > CTRL-ALT-F1 (or whatever console X was started in) and press
> > CTRL-C. That will kill X and give you the person's login.
> >
> > Am I missing something?
>
> Don't start X that way.
>
This is a no-answer. Starting X from the console is a valid -- and
even prefered, IMHO -- way of starting X. If I *need* to use xdm, I'll
always have to have the memory-eating "X", which seems unaceptable for
me, if I'm not using X.
--
Luiz Otavio L. Zorzella Product Engineer
zorzella@conexware.com http://www.conexware.com
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: