Re: Possible flaw in XFree?

From: Nick Lange (nicklangeat_private)
Date: Fri Jun 28 2002 - 18:20:26 PDT

  • Next message: strangeat_private: "Re: Possible flaw in XFree?"

     I would suggest taking this up with the developers of X and Xlock, perhaps
    the addition of a state within Xfree86 of "locked" that would disallow the
    VDG/Zap [c-a-backspace] which xlock could set when started?
     On a secured computer I would have disabled the VDG/Zap feature anyways,
    because technically it *shouldn't* crash, therefore implying that you don't
    need it enabled.
    My .02cents,
    Nick
    ----- Original Message -----
    From: "William N. Zanatta" <williamat_private>
    To: <vuln-devat_private>
    Sent: Friday, June 28, 2002 10:34 AM
    Subject: Re: Possible flaw in XFree?
    
    
    >    Firstly, thank you for the answers. But...
    >
    >    You have explained how to start X without letting my console opened
    > and that Ctrl-Alt-Backspace is a feature. I already know that. The
    > problem I see is: once the X session is locked, it is suposed to LOCK
    > the system and don't let anyone just press Ctrl-Alt-Backspace and take
    > it down. Also it shouldn't let people switch to console by Ctrl-Alt-Fx.
    > If it can't have such behavior, using xlock and stuffs like that isn't
    > justified.
    >
    >    Got it?? I'm not discussing on whether to run X by xdm, or by
    > console, or even disabling 'DontZap'. I'm talking about one doing things
    > when it shouldn't.
    >
    >    william
    >
    > --
    > Perl combines all of the worst aspects of BASIC, C and line noise.
    >                  -- Keith Packard
    >
    



    This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 16:29:02 PDT