Re: Am I missing something or is this a HUGE security flaw?
Joey Hess writes:
> Luiz Otavio L. Zorzella wrote:
> > If someone told me he could enter in my accout if I left my screen
> > locked I would say he's nuts, but that's exactly what I found out.
> > It is a simple combinated use of X and xlock when xdm isn't used.
> > How? Let's say someone simply locks his computer with xlock.
> > All you need to do is change to text virtual console 1 with
> > CTRL-ALT-F1 (or whatever console X was started in) and press
> > CTRL-C. That will kill X and give you the person's login.
> > Am I missing something?
> Don't start X that way.
This is a no-answer. Starting X from the console is a valid -- and
even prefered, IMHO -- way of starting X. If I *need* to use xdm, I'll
always have to have the memory-eating "X", which seems unaceptable for
me, if I'm not using X.
Luiz Otavio L. Zorzella Product Engineer
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com