An Easy But Serious Screensaver Security Problem In X.Org

  • An Easy But Serious Screensaver Security Problem In X.Org

    Phoronix: An Easy But Serious Screensaver Security Problem In X.Org

    I've been alerted this afternoon that there's an outstanding security vulnerability within the current X.Org Server that's receiving little attention. This active vulnerability could allow anyone with physical access to your system to easily bypass the desktop's screen lock regardless of your desktop environment...


  • #2
    Holy Crap!! I just tried this in ArchLinux with all the latest packages and it too is affected by this.



    • #3
      Hang on, so unless I'm missing something all you have to do is press CTRL+ALT+Keypad-Multiply? I assume Keypad-Multiply is the button directly above the number 9 on my keypad? Well, I just tried those three button combinations and it did nothing. I'm running Linux Mint Debian Edition.



      • #4
        definitely a show-stopper



        • #5
          Not cool for multi-user systems!



          • #6
            RHEL 6.x is running X.Org Server 1.10.4, so fortunately it isn't vulnerable. RHEL is one of the most likely Linux desktop OSes to be deployed in a public area such as a computer lab at a university, where you really wouldn't want someone to be able to do this.

            That said, I'm sure there is some public computer somewhere in the world where physical access of untrusted users is common/accepted, running X.Org 1.11 or later. Now people know to check before they trust the "lock screen" feature. Good find, Michael (even though you didn't originally find the issue, good job reporting it anyway).



            • #7
              List of affected distros :


              Ubuntu 12.04 here which is not affected (running xorg 1.10.4)



              • #8
                Pathetic. How can that slip by a whole bunch of developers who supposedly know what they're doing?
                Get back on the ship, dammit!



                • #9
                  Originally posted by gururise
                  Holy Crap!! I just tried this in ArchLinux with all the latest packages and it too is affected by this.
                  Me too. In GNOME 3, it brings me back to the desktop, but kills the top activities panel.



                  • #10
                    This bug is certainly not so good for marketing, but it's not that you get a secure system when you just fix that. You just avoid the reboot - on reboot you can get to root rights with Linux using an unlocked bootloader (which is the default) and similar to any Mac system. For Win you usually need at least a cd/usb key to boot from. A screen lock only holds back the most harmless attackers.

