Hi, I'm a angstrom 20070917 user, on spitz (Zaurus SL-C3200). I found a big security hole.
Description : -Lock display script is in /etc/apm/resume.d directory, as it, the script is started after resume, and during a short time (depending on many things, as CPU load), the session is resumed, unlocked and useable. It's possible to run a terminal, and do whatever you want, as removing the lock display script, or impeaching it to be started. Solution : -Move lock display script to /etc/apm/suspend.d, rename it to make it the last to be executed (as 99lockdisplay), or any order you want. As it, the lockdisplay is already executed when resuming. Excuse me for my poor english skill, and if my description/solution are bad. I did test all, and all what I say is reproductble on my angstrom version. Regards, Damien _______________________________________________ Angstrom-distro-users mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/angstrom-distro-users
