mailing list archives
Re: Screen locking programs on Xorg 1.11
From: Tim Zingelman <tez () netbsd org>
Date: Thu, 19 Jan 2012 17:35:23 -0600
On Thu, Jan 19, 2012 at 1:18 PM, Florian Weimer <fw () deneb enyo de> wrote:
I recently found out that it is possible to kill a screensaver/screen
locker program on the latest version of Xorg (1.11 shipped with
archlinux, debian wheezy..) using the Ctrl+Alt+Multiply key binding.
This used to be, uhm, common knowledge:
| Option "AllowDeactivateGrabs" "boolean"
| This option enables the use of the Ctrl+Alt+Keypad-Divide key
| sequence to deactivate any active keyboard and mouse
| grabs. Default: off.
| Option "AllowClosedownGrabs" "boolean"
| This option enables the use of the Ctrl+Alt+Keypad-Multiply key
| sequence to kill clients with an active keyboard or mouse grab as
| well as killing any application that may have locked the server,
| normally using the XGrabServer(3x) Xlib function. Default: off.
| Note that the options AllowDeactivateGrabs and AllowClosedownGrabs
| will allow users to remove the grab used by screen saver/locker
| programs. An API was written to such cases. If you enable this
| option, make sure your screen saver/locker is updated.
The API in question appears to be XF86MiscSetGrabKeysState:
Given this additional information isn't this a vulnerability issue in
the various screen lock applications rather than an issue with the