Possible flaw in XFree?

["William N. Zanatta" <william () veritel com br>]

Hi folks,

  Talking about some bad experiences with my friend, I discovered (he 
told me) it is possible to abort a X session even when the screen is 
locked by some kind of application like 'xlock'.

  I have made the following test:

  1. Logged into the system as 'william' (a normal non-privileged user).
  2. startx
  3. Run xlock
  ... the screen is now locked...
  4. Tried a hit on some keys. The password screen appears.
  5. Then, 'ctrl-alt-backspace' and voila... X is down and my console 
is there, opened for me.

  I see this as a serious problem once one could let his/her X session 
opened and locked and anyone who have access to that machine could abort 
the X session and start playing around with the logged user's shell 
(which could be the root shell).

  What about that?

  Tested on:
-------------------------------------
XFree86 Version 4.1.0 / X Window System
(protocol Version 11, revision 0, vendor release 6510)
Release Date: 2 June 2001
        If the server is older than 6-12 months, or if your card is
        newer than the above date, look for a newer version before
        reporting problems.  (See http://www.XFree86.Org/FAQ)
Build Operating System: Linux 2.2.19 i686 [ELF]
-------------------------------------

  Regards,

  William Zanatta

--
Perl combines all of the worst aspects of BASIC, C and line noise.
                -- Keith Packard