Your message dated Sun, 18 Apr 2010 16:28:23 +0200 with message-id <20100418142823.GA6238@patate.is-a-geek.org> and subject line Re: Bug#562884: proposals has caused the Debian Bug report #564080, regarding xscreensaver can be killed with Alt+SysRq+F to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 564080: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564080 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: xscreensaver can be killed with Alt+SysRq+F
- From: Lars Olav Dybsjord <larsod@ping.uio.no>
- Date: Mon, 28 Dec 2009 20:41:53 +0100
- Message-id: <20091228194153.GP11223@ping.uio.no>
Package: xscreensaver Version: 4.24-5 Severity: grave Tags: security Justification: user security hole Hi, I'm a bit new to this bugreporting stuff. I have however discovered that it is possible to kill xscreensaver with Alt+SysRq+F (if this function is not disabled). This may comprimise security when xscreensaver-command is used with the -lock option, because the screen will be unlocked. gnome-screensaver seems not to be vulnerable to this attack.
--- End Message ---
--- Begin Message ---
- To: Holger Levsen <holger@layer-acht.org>, 564080-done@bugs.debian.org
- Subject: Re: Bug#562884: proposals
- From: Julien Cristau <jcristau@debian.org>
- Date: Sun, 18 Apr 2010 16:28:23 +0200
- Message-id: <20100418142823.GA6238@patate.is-a-geek.org>
- In-reply-to: <201001071639.06773.holger@layer-acht.org>
- References: <201001071639.06773.holger@layer-acht.org>
On Thu, Jan 7, 2010 at 16:39:05 +0100, Holger Levsen wrote: > IMO either the screensaver should disable sysrq while it's locked (and enable > it after locking) or the screensaver shouldnt lock the screen, when sysrq is > enabled (and output a warning message). > I don't think there's anything the screensavers can sensibly do there. So I'm going to close this bug. Version 2.6.32-9 of the Debian kernel includes a change by Bastian Blank to restrict access to sensitive SysRq keys by default, which should cover this. Cheers, JulienAttachment: signature.asc
Description: Digital signature
--- End Message ---