Your message dated Wed, 07 Apr 2010 12:03:39 +0100
with message-id <4bbc668b.9030...@debian.org>
and subject line Re: Bug#576796: xtrlock can be bypassed using TTY's
has caused the Debian Bug report #576796,
regarding xtrlock can be bypassed using TTY's
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
576796: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576796
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xtrlock
Version: 2.0-12
Severity: grave
Tags: security
Justification: user security hole

If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to specified TTY where xtrlock can be easily killed with "killall xtrlock". I run ratpoison, and executing xtrlock by normal means works fine, but ctrl+alt+FN changes to said TTY ratpoison was launched from, ^z then "killall xtrlock" terminates xtrlock and switching back allows user access, bypassing credentials.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.33.1 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages xtrlock depends on:
ii  libc6                       2.7-18lenny2 GNU C Library: Shared libraries
ii  libx11-6                    2:1.1.5-2    X11 client-side library

xtrlock recommends no packages.

xtrlock suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Hi,

thims wrote:
Package: xtrlock
Version: 2.0-12
Severity: grave
Tags: security
Justification: user security hole

If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to specified TTY where xtrlock can be easily killed with "killall xtrlock". I run ratpoison, and executing xtrlock by normal means works fine, but ctrl+alt+FN changes to said TTY ratpoison was launched from, ^z then "killall xtrlock" terminates xtrlock and switching back allows user access, bypassing credentials.

I'm sorry, but this isn't a bug in xtrlock. Clearly, a user having access to one of your shells can kill xtrlock (consider the case of you leaving an ssh connection logged in elsewhere). There's no need to run your wm from a TTY - you could just log in via xdm or gdm, for example, and run ratpoison in .xsession.

Alternatively, use the DontVTSwitch option in xorg.conf (documented in the man page), which will disable the option of switching out of X using the Control-Alt-FN keystroke.

Regards,

Matthew


--- End Message ---
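As an added illustration that is not part of the bug thread, this is the xorg.conf stanza that enables the DontVTSwitch option Matthew refers to; the file location (/etc/X11/xorg.conf) and the surrounding ServerFlags section are assumed, as the thread does not show them.

```conf
# Assumed location: /etc/X11/xorg.conf (not quoted from the bug thread)
Section "ServerFlags"
    # DontVTSwitch defaults to "false", so Ctrl+Alt+Fn leaves the X server
    # and any X-level screen lock behind it. Setting it to "true" makes the
    # X server ignore the VT-switch keystroke while it runs.
    Option "DontVTSwitch" "true"
EndSection
```

This only removes the VT-switch path from the running X server; it does not address the separate case in the reply of a shell already open elsewhere (such as an ssh session) from which the lock process can be killed.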
