I would suggest taking this up with the developers of X and Xlock, perhaps the addition of a state within Xfree86 of "locked" that would disallow the VDG/Zap [c-a-backspace] which xlock could set when started? On a secured computer I would have disabled the VDG/Zap feature anyways, because technically it *shouldn't* crash, therefore implying that you don't need it enabled. My .02cents, Nick ----- Original Message ----- From: "William N. Zanatta" <williamat_private> To: <vuln-devat_private> Sent: Friday, June 28, 2002 10:34 AM Subject: Re: Possible flaw in XFree? > Firstly, thank you for the answers. But... > > You have explained how to start X without letting my console opened > and that Ctrl-Alt-Backspace is a feature. I already know that. The > problem I see is: once the X session is locked, it is suposed to LOCK > the system and don't let anyone just press Ctrl-Alt-Backspace and take > it down. Also it shouldn't let people switch to console by Ctrl-Alt-Fx. > If it can't have such behavior, using xlock and stuffs like that isn't > justified. > > Got it?? I'm not discussing on whether to run X by xdm, or by > console, or even disabling 'DontZap'. I'm talking about one doing things > when it shouldn't. > > william > > -- > Perl combines all of the worst aspects of BASIC, C and line noise. > -- Keith Packard >
This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 16:29:02 PDT