Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible flaw in XFree?

From: strange () nsk yi org
Date: Sat, 29 Jun 2002 00:32:27 +0100
On Fri, Jun 28, 2002 at 02:34:01PM -0300, William N. Zanatta wrote:

   Firstly, thank you for the answers. But...

   You have explained how to start X without letting my console opened 
and that Ctrl-Alt-Backspace is a feature. I already know that. The 
problem I see is: once the X session is locked, it is suposed to LOCK 
the system and don't let anyone just press Ctrl-Alt-Backspace and take 
it down. Also it shouldn't let people switch to console by Ctrl-Alt-Fx. 
If it can't have such behavior, using xlock and stuffs like that isn't 
justified.

   Got it?? I'm not discussing on whether to run X by xdm, or by 
console, or even disabling 'DontZap'. I'm talking about one doing things 
when it shouldn't.


Unix/Linux is a multiuser system. If a user had the ability to lock the
system against anyone else, I would call that a bug.

As it is, a user has the ability to lock its sessions. That's the purpose
of xlock and likes.

And if the same user or another user has the ability to switch to a new
console and start its own X server or shell, I call that a multiuser
system.

So, as I see it, one is doing things as it should...

Regards,
Luciano Rocha
Previous By Date Next
Previous By Thread Next

Current thread: