Vulnerability Development mailing list archives
Re: Possible flaw in XFree?
From: Vanja Hrustic <vanja () vanja com>
Date: Fri, 28 Jun 2002 23:24:45 +0700
On Thu, 27 Jun 2002 16:06:55 -0300 "William N. Zanatta" <william () veritel com br> wrote:
Hi folks, Talking about some bad experiences with my friend, I discovered (he told me) it is possible to abort a X session even when the screen is locked by some kind of application like 'xlock'. I have made the following test: 1. Logged into the system as 'william' (a normal non-privileged user). 2. startx 3. Run xlock ... the screen is now locked... 4. Tried a hit on some keys. The password screen appears. 5. Then, 'ctrl-alt-backspace' and voila... X is down and my console is there, opened for me.
This is very old issue. You don't even need to kill the X session. Just use CTRL+ALT+F[1-6] (at least on Linux) to switch back to the console. If you get back to the console from which X was started, just kill it with CTRL+C. Never start X from your shell with 'startx' only. Use XDM/KDM/GSM or some other display manager. If you have to use startx, do something like: "startx & exit" Now, if X is killed with CTRL+ALT+BACKSPACE (or user switched back to console) , it'll welcome you with the login prompt. Vanja ======================================================================= Politicians are people who, when they see the light at the end of the tunnel, go out and buy more tunnel. - John Quinton =======================================================================
Current thread:
- Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Philip Rowlands (Jun 28)
- Re: Possible flaw in XFree? Jedi/Sector One (Jun 28)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- Re: Possible flaw in XFree? Vanja Hrustic (Jun 28)
- Re: Possible flaw in XFree? Valdis . Kletnieks (Jun 28)
- Re: Possible flaw in XFree? Nuno Branco (Jun 28)
- Re: Possible flaw in XFree? Vilmos Soti (Jun 28)
- Message not available
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Nick Lange (Jun 28)
- Re: Possible flaw in XFree? Timothy J . Miller (Jun 29)
- Re: Possible flaw in XFree? strange (Jun 28)
- Re: Possible flaw in XFree? Ross Nelson (Jun 29)
- Re: Possible flaw in XFree? Michael Jennings (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)