[Bug 303637] [NEW] Ability to kill gnome-screensaver makes it easy to defeat the lock screen dialog

Sun, 30 Nov 2008 01:36:28 -0800 

Public bug reported:

Binary package hint: gnome-screensaver

By going to any of the ttys it is possible to terminate gnome-
screensaver and gain access to the machine. Although ttys themselves are
protected with passwords, these can be left unlocked accidentally, and
running "killall gnome-screensaver" we can get rid of the dialog and
gain full access to the computer.

What I suggest is:
 A) Protect ttys after locking; also lock them with a password, or;
 B) Protect the process so that it requires sudo privileges to kill, like 
mysql/apache, or;
 C) Make sure some parent process which can't be terminated can pop up the 
gnome-screensaver when it is killed. Said process cannot be terminated, like 
suggestion A.

I am typing this on my laptop which I just defeated using the
aforementioned technique.

** Affects: gnome-screensaver (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  Binary package hint: gnome-screensaver
  
  By going to any of the ttys it is possible to terminate gnome-
  screensaver and gain access to the machine. Although ttys themselves are
  protected with passwords, these can be left unlocked accidentally, and
  running "killall gnome-screensaver" we can get rid of the dialog and
  gain full access to the computer.
  
  What I suggest is:
   A) Protect ttys after locking; also lock them with a password, or;
   B) Protect the process so that it requires sudo privileges to kill, like 
mysql/apache, or;
-  C) Make sure some parent process which can't be terminated can pop up the 
gnome-screensaver when called.
+  C) Make sure some parent process which can't be terminated can pop up the 
gnome-screensaver when it is killed. Said process cannot be terminated, like 
suggestion A.
  
  I am typing this on my laptop which I just defeated using the
  aforementioned technique.

-- 
Ability to kill gnome-screensaver makes it easy to defeat the lock screen dialog
https://bugs.launchpad.net/bugs/303637
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to