oss-sec mailing list archives
Re: Screen locking programs on Xorg 1.11
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 18 Jan 2012 22:18:59 -0700
On 01/18/2012 05:03 PM, Gu1 wrote:
Hi, I recently found out that it is possible to kill a screensaver/screen locker program on the latest version of Xorg (1.11 shipped with archlinux, debian wheezy..) using the Ctrl+Alt+Multiply key binding. This behavior seems to have been introduced in a recent commit[1] and i couldn't find a way to disable it. All screen locking programs i tested (gnome-screensaver, kscreenlocker, slock, slimlock...), are basically rendered useless. Not sure if this is a bug or a feature... :) [1]: http://cgit.freedesktop.org/xorg/xserver/commit/?id=7d2543a3cb3089241982ce4f8984fd723d5312a1
Confirmed. Please use CVE-2012-0064 for this issue. -- -- Kurt Seifried / Red Hat Security Response Team
Current thread:
- Screen locking programs on Xorg 1.11 Gu1 (Jan 18)
- Re: Screen locking programs on Xorg 1.11 Michael Gilbert (Jan 18)
- Re: Screen locking programs on Xorg 1.11 Michael Gilbert (Jan 18)
- Re: Screen locking programs on Xorg 1.11 Kurt Seifried (Jan 18)
- Re: Screen locking programs on Xorg 1.11 Sebastian Pipping (Jan 18)
- Re: Screen locking programs on Xorg 1.11 Yves-Alexis Perez (Jan 19)
- Re: Screen locking programs on Xorg 1.11 Florian Weimer (Jan 19)
- Re: Screen locking programs on Xorg 1.11 Tim Zingelman (Jan 19)
- <Possible follow-ups>
- Re: Screen locking programs on Xorg 1.11 Gu1 (Jan 19)
- Re: Screen locking programs on Xorg 1.11 Michael Gilbert (Jan 18)