xlockmore - serious security issue
tarc at tarc.po.cs.msu.su
Tue Jun 13 23:58:16 UTC 2006
> FORBIDDEN and a VuXML entry seems in a way a bit overkill to me seems
> a bit overkill to me, since it's not really a vulnerability, but I'm
> open to input.
> As mentioned by others, xlockmore is fundamentally flawed
> wrt. guaranteeing that the screen stays locked in that the
> screensavers code can kill the lock, which it should not be able to
> Has anyone contacted the xlockmore author for comment on this issue?
> One thing we could do right now is to add a message at install time
> warning that xlockmore might unlock the screen (a bit like the Pine
> Simon L. Nielsen
xlockmore catchs SIGINT SIGTERM SIGQUIT SIGSEGV SIGBUS SIGFPE and SIGHUP if compilled with debug.
on these signals it lockout your display.
But you can lock vt switching
More information about the freebsd-ports