oss-sec mailing list archives
gnome-shell lockscreen bypass with printscreen key
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Mon, 29 Sep 2014 10:59:23 -0400
hi OSS-security folks-- gnome-shell currently handles the lockscreen for modern versions of gnome. gnome-shell also handles the "take a screenshot" action, which is mapped by default to the prtsc key. the prtsc key is not disabled when the screen is locked. taking a bunch of screenshots at once bloats gnome-shell to the point where it's pretty easy to get it targeted by the kernel's oom-killer. This means that anyone with access to the keyboard of a locked GNOME session can (briefly) disable the lockscreen, which lets them see and interact with the running gnome session: https://bugzilla.gnome.org/show_bug.cgi?id=737456 It looks like fixes are targeted for GNOME 3.14.1. Regards, --dkg
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- gnome-shell lockscreen bypass with printscreen key Daniel Kahn Gillmor (Sep 29)