[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] gnome-shell lockscreen bypass with printscreen key
From: Daniel Kahn Gillmor <dkg () fifthhorseman ! net>
Date: 2014-09-29 14:59:23
Message-ID: 542973CB.4010605 () fifthhorseman ! net
[Download RAW message or body]
hi OSS-security folks--
gnome-shell currently handles the lockscreen for modern versions of gnome.
gnome-shell also handles the "take a screenshot" action, which is mapped
by default to the prtsc key.
the prtsc key is not disabled when the screen is locked.
taking a bunch of screenshots at once bloats gnome-shell to the point
where it's pretty easy to get it targeted by the kernel's oom-killer.
This means that anyone with access to the keyboard of a locked GNOME
session can (briefly) disable the lockscreen, which lets them see and
interact with the running gnome session:
https://bugzilla.gnome.org/show_bug.cgi?id=737456
It looks like fixes are targeted for GNOME 3.14.1.
Regards,
--dkg
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic