xlockmore - serious security issue
Tarc
tarc at tarc.po.cs.msu.su
Tue Jun 13 23:58:16 UTC 2006
> FORBIDDEN and a VuXML entry seems in a way a bit overkill to me seems
> a bit overkill to me, since it's not really a vulnerability, but I'm
> open to input.
>
> As mentioned by others, xlockmore is fundamentally flawed
> wrt. guaranteeing that the screen stays locked in that the
> screensavers code can kill the lock, which it should not be able to
> happen.
>
> Has anyone contacted the xlockmore author for comment on this issue?
>
> One thing we could do right now is to add a message at install time
> warning that xlockmore might unlock the screen (a bit like the Pine
> warning).
>
> --
> Simon L. Nielsen
about signals:
xlockmore catchs SIGINT SIGTERM SIGQUIT SIGSEGV SIGBUS SIGFPE and SIGHUP if compilled with debug.
on these signals it lockout your display.
But you can lock vt switching
--
Best regards,
Arseny Nasokin
More information about the freebsd-ports
mailing list