Albert Dengg
2008-Dec-02 13:33 UTC
[Secure-testing-team] Bug#507558: ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)
Package: hibernate
Version: 1.99-1
Severity: grave
Tags: security
Justification: user security hole

hi,
i just noticed that for some reason the X session is not locked after a successful resume, which causes a serious security problem in my opinion.

yours
albert

-- Package-specific info:
--- configuration
==> /etc/hibernate/common.conf <==
Verbosity 0
LogFile /var/log/hibernate.log
LogVerbosity 4
Distribution debian
SaveClock restore-only
IbmAcpi yes
LockXLock yes
OnResume 20 /usr/sbin/anacron -s
UnloadBlacklistedModules yes
LoadModules auto
PauseAudio yes
EjectCards yes
RestartServices laptop-mode
RestartServices cron
SwitchToTextMode yes

==> /etc/hibernate/disk.conf <==
TryMethod ususpend-disk.conf
TryMethod sysfs-disk.conf

==> /etc/hibernate/hibernate.conf <==
TryMethod suspend2.conf
TryMethod disk.conf
TryMethod ram.conf

==> /etc/hibernate/ram.conf <==
TryMethod ususpend-ram.conf
TryMethod sysfs-ram.conf

==> /etc/hibernate/suspend2.conf <==
UseSuspend2 yes
Reboot no
EnableEscape yes
DefaultConsoleLevel 1
Compressor lzf
Encryptor none
FullSpeedCPU yes
Include common.conf

==> /etc/hibernate/sysfs-disk.conf <==
UseSysfsPowerState disk
Include common.conf

==> /etc/hibernate/sysfs-ram.conf <==
UseSysfsPowerState mem
Include common.conf

==> /etc/hibernate/ususpend-both.conf <==
USuspendMethod both
Include common.conf

==> /etc/hibernate/ususpend-disk.conf <==
USuspendMethod disk
Include common.conf

==> /etc/hibernate/ususpend-ram.conf <==
USuspendMethod ram
Include common.conf

--- /sys/power
==> /sys/power/disk <==
[platform] test testproc shutdown reboot

==> /sys/power/image_size <==
973892157

==> /sys/power/resume <==
254:6

==> /sys/power/state <==
mem disk

--- log
http://albertd.nicenamecrew.com/hibernate.log.bz2

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages hibernate depends on:
ii kbd 1.14.1-4 Linux console font and keytable ut

Versions of packages hibernate recommends:
ii dash 0.5.4-12 POSIX-compliant shell
ii hdparm 8.9-2 tune hard disk parameters for high
ii uswsusp 0.8-1.1 tools to use userspace software su
ii vbetool 1.0-3 run real-mode video BIOS code to a

Versions of packages hibernate suggests:
pn 915resolution <none> (no description available)
ii xscreensaver 5.05-3 Automatic screensaver for X

-- no debconf information