[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Security hole (or feature ;) in KDE Screensavers
From:       Geert Jansen <g.t.jansen () stud ! tue ! nl>
Date:       1999-10-16 18:16:30
[Download RAW message or body]

Markus Goetz wrote:
 
> when i use a screen saver to protect my computer while i am away, anybody who
> wants to acess my computer needs the password.
> 
> But this is really NO PROTECTION ... if i do a startx from tty1, my X11 is on
> tty7 .. The one who wants acess to my account when i am away from my desktop
> does just have to press CTRL+ALT+F1, then he gets to the X11 Output where i
> used startx to start X11... so now he just has to press CTRL+C to kill X11 and
> has acess to my account and may type rm -rf $HOME ...
> 
> So why the hell is there a password protection in the kde screen savers if it
> is useless ???

It is safe when you start X from x/kdm. This is recommended anyway because
then the X server doesn't need to be suid root.

Greetings,
-- 
    Geert Jansen                       email: <g.t.jansen at stud.tue.nl>
    Phylosopher, Physicist                        PGP key ID: 0xD2B5E7CE

[prev in list] [next in list] [prev in thread] [next in thread]