Vulnerability Development mailing list archives

Re: Possible flaw in XFree?


From: Vanja Hrustic <vanja () vanja com>
Date: Fri, 28 Jun 2002 23:24:45 +0700

On Thu, 27 Jun 2002 16:06:55 -0300
"William N. Zanatta" <william () veritel com br> wrote:

> Hi folks,
>
>    Talking about some bad experiences with my friend, I discovered (he
> told me) it is possible to abort an X session even when the screen is
> locked by some kind of application like 'xlock'.
>
>    I have made the following test:
>
>    1. Logged into the system as 'william' (a normal non-privileged
>       user).
>    2. startx
>    3. Run xlock
>    ... the screen is now locked...
>    4. Tried a hit on some keys. The password screen appears.
>    5. Then, 'ctrl-alt-backspace' and voila... X is down and my console
> is there, opened for me.

This is a very old issue.

You don't even need to kill the X session. Just use CTRL+ALT+F[1-6] (at
least on Linux) to switch back to the console. If you get back to the
console from which X was started, just kill it with CTRL+C.

Never start X from your shell with 'startx' only. Use XDM/KDM/GSM or some
other display manager.

If you have to use startx, do something like:

"startx & exit"

Now, if X is killed with CTRL+ALT+BACKSPACE (or user switched back to
console), it'll welcome you with the login prompt.

Vanja

=======================================================================
 Politicians are people who, when they see the light at the end of the
 tunnel, go out and buy more tunnel. - John Quinton
=======================================================================
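
An added example, not part of the original post: a small audit for the exposure described above, which reads a process listing and reports every `xinit` that still has a console login shell among its ancestors (the shell you land in when X is killed or the VT is switched). The function names and the sample process table are constructed for illustration; it assumes X was started via `startx`/`xinit` and that login shells carry the conventional leading `-` in argv[0].

```shell
#!/bin/sh
# Added example: flag X sessions that still hang off a console login shell.
# Input: lines of "PID PPID TTY ARGS..." as printed by
#   ps -eo pid=,ppid=,tty=,args=
# A login shell is recognised by the leading "-" in argv[0] (e.g. "-bash").

audit_startx() {
    awk '
    {
        ppid[$1] = $2; tty[$1] = $3; argv0[$1] = $4
        n = split($4, part, "/")
        if (part[n] == "xinit") xinit[$1] = 1
    }
    END {
        for (x in xinit) {
            p = ppid[x]; hops = 0
            # Walk towards init; stop on an unknown PID or after 64 hops.
            while ((p in ppid) && hops++ < 64) {
                if (substr(argv0[p], 1, 1) == "-") {
                    printf "EXPOSED xinit=%s shell=%s tty=%s\n", x, p, tty[p]
                    break
                }
                p = ppid[p]
            }
        }
    }' | sort
}

# Constructed process table: tty1 ran plain "startx"; tty2 ran "startx & exit",
# so its login shell is gone and getty has respawned on that console.
sample_ps() {
    cat <<'EOF'
    1     0 ?    init [3]
  400     1 tty1 login -- william
  410   400 tty1 -bash
  420   410 tty1 /bin/sh /usr/X11R6/bin/startx
  430   420 tty1 xinit /home/william/.xinitrc -- :0
  431   430 ?    X :0
  500     1 tty2 /bin/sh /usr/X11R6/bin/startx
  510   500 tty2 xinit /home/william/.xinitrc -- :1
  511   510 ?    X :1
  520     1 tty2 /sbin/getty 38400 tty2
EOF
}

sample_ps | audit_startx
```

On a live system, feed it real data with `ps -eo pid=,ppid=,tty=,args= | audit_startx`; no output means no `xinit` has a login shell above it.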

