Vulnerability Development mailing list archives
Re: Possible flaw in XFree?
From: "Nick Lange" <nicklange () wi rr com>
Date: Fri, 28 Jun 2002 18:20:26 -0700
I would suggest taking this up with the developers of X and Xlock, perhaps the addition of a state within Xfree86 of "locked" that would disallow the VDG/Zap [c-a-backspace] which xlock could set when started? On a secured computer I would have disabled the VDG/Zap feature anyways, because technically it *shouldn't* crash, therefore implying that you don't need it enabled. My .02cents, Nick ----- Original Message ----- From: "William N. Zanatta" <william () veritel com br> To: <vuln-dev () securityfocus com> Sent: Friday, June 28, 2002 10:34 AM Subject: Re: Possible flaw in XFree?
Firstly, thank you for the answers. But... You have explained how to start X without letting my console opened and that Ctrl-Alt-Backspace is a feature. I already know that. The problem I see is: once the X session is locked, it is suposed to LOCK the system and don't let anyone just press Ctrl-Alt-Backspace and take it down. Also it shouldn't let people switch to console by Ctrl-Alt-Fx. If it can't have such behavior, using xlock and stuffs like that isn't justified. Got it?? I'm not discussing on whether to run X by xdm, or by console, or even disabling 'DontZap'. I'm talking about one doing things when it shouldn't. william -- Perl combines all of the worst aspects of BASIC, C and line noise. -- Keith Packard
Current thread:
- Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Philip Rowlands (Jun 28)
- Re: Possible flaw in XFree? Jedi/Sector One (Jun 28)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- Re: Possible flaw in XFree? Vanja Hrustic (Jun 28)
- Re: Possible flaw in XFree? Valdis . Kletnieks (Jun 28)
- Re: Possible flaw in XFree? Nuno Branco (Jun 28)
- Re: Possible flaw in XFree? Vilmos Soti (Jun 28)
- Message not available
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Nick Lange (Jun 28)
- Re: Possible flaw in XFree? Timothy J . Miller (Jun 29)
- Re: Possible flaw in XFree? strange (Jun 28)
- Re: Possible flaw in XFree? Ross Nelson (Jun 29)
- Re: Possible flaw in XFree? Michael Jennings (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Edsel Adap (Jun 29)
- <Possible follow-ups>
- Re: Possible flaw in XFree? Patrick van Zweden (Jun 28)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- FW: Possible flaw in XFree? Andy Wood (Jun 29)