thims
2010-Apr-07 04:46 UTC
[Secure-testing-team] Bug#576796: xtrlock can be bypassed using TTY's
Package: xtrlock
Version: 2.0-12
Severity: grave
Tags: security
Justification: user security hole

If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to the specified TTY, where xtrlock can be easily killed with "killall xtrlock".

I run ratpoison, and executing xtrlock by normal means works fine, but Ctrl+Alt+FN changes to the TTY ratpoison was launched from; ^Z then "killall xtrlock" terminates xtrlock, and switching back allows user access, bypassing credentials.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.33.1 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages xtrlock depends on:
ii  libc6       2.7-18lenny2    GNU C Library: Shared libraries
ii  libx11-6    2:1.1.5-2       X11 client-side library

xtrlock recommends no packages.

xtrlock suggests no packages.

-- no debconf information