Vulnerability Development mailing list archives

Re: Possible flaw in XFree?


From: "Nick Lange" <nicklange () wi rr com>
Date: Fri, 28 Jun 2002 18:20:26 -0700

 I would suggest taking this up with the developers of X and Xlock, perhaps
the addition of a state within XFree86 of "locked" that would disallow the
VDG/Zap [c-a-backspace] which xlock could set when started?
 On a secured computer I would have disabled the VDG/Zap feature anyways,
because technically it *shouldn't* crash, therefore implying that you don't
need it enabled.
My .02 cents,
Nick
----- Original Message -----
From: "William N. Zanatta" <william () veritel com br>
To: <vuln-dev () securityfocus com>
Sent: Friday, June 28, 2002 10:34 AM
Subject: Re: Possible flaw in XFree?


   Firstly, thank you for the answers. But...

   You have explained how to start X without letting my console opened
and that Ctrl-Alt-Backspace is a feature. I already know that. The
problem I see is: once the X session is locked, it is supposed to LOCK
the system and not let anyone just press Ctrl-Alt-Backspace and take
it down. Also it shouldn't let people switch to console by Ctrl-Alt-Fx.
If it can't have such behavior, using xlock and stuff like that isn't
justified.

   Got it?? I'm not discussing on whether to run X by xdm, or by
console, or even disabling 'DontZap'. I'm talking about one doing things
when it shouldn't.

   william

--
Perl combines all of the worst aspects of BASIC, C and line noise.
                 -- Keith Packard
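
Added example, not part of either message above: a small audit that checks whether an XF86Config disables both key combinations discussed in the thread (Ctrl-Alt-Backspace via `DontZap`, Ctrl-Alt-Fx via `DontVTSwitch`) in its `ServerFlags` section. The sample configuration is constructed, the function names are hypothetical, and whether a given server release honours `DontVTSwitch` is an assumption to confirm in its XF86Config(5) man page.

```python
import re

# Constructed sample XF86Config fragment (not taken from the thread).
SAMPLE_CONFIG = '''
Section "ServerFlags"
    Option "DontZap" "true"     # ignore Ctrl-Alt-Backspace
    # Option "DontVTSwitch" "true"
EndSection
Section "Monitor"
    Identifier "m0"
    Option "DontVTSwitch"       # wrong section: not a server flag here
EndSection
'''

REQUIRED = ("DontZap", "DontVTSwitch")
TRUE_WORDS = {"1", "on", "true", "yes"}

def _norm(name):
    # Names are compared ignoring case, spaces and underscores
    # (assumed to match the server's own loose name comparison).
    return re.sub(r"[ _\t]", "", name).lower()

def server_flags(text):
    """Return {normalised option name: bool} for the ServerFlags section."""
    flags, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = re.match(r'(?i)section\s+"([^"]+)"', line)
        if m:
            section = _norm(m.group(1))
            continue
        if re.match(r"(?i)endsection\b", line):
            section = None
            continue
        m = re.match(r'(?i)option\s+"([^"]+)"(?:\s+"([^"]*)")?', line)
        if m and section == "serverflags":
            value = m.group(2)
            # A boolean option given without a value counts as true.
            flags[_norm(m.group(1))] = (
                True if value is None else value.strip().lower() in TRUE_WORDS)
    return flags

def missing_lock_flags(text):
    """List the required options that are absent or not enabled."""
    flags = server_flags(text)
    return [name for name in REQUIRED if not flags.get(_norm(name), False)]

if __name__ == "__main__":
    print("not enabled in ServerFlags:", missing_lock_flags(SAMPLE_CONFIG))
```
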


