[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] gnome-shell lockscreen bypass with printscreen key
From:       Daniel Kahn Gillmor <dkg () fifthhorseman ! net>
Date:       2014-09-29 14:59:23
Message-ID: 542973CB.4010605 () fifthhorseman ! net
[Download RAW message or body]


hi OSS-security folks--

gnome-shell currently handles the lockscreen for modern versions of gnome.

gnome-shell also handles the "take a screenshot" action, which is mapped
by default to the prtsc key.

the prtsc key is not disabled when the screen is locked.

taking a bunch of screenshots at once bloats gnome-shell to the point
where it's pretty easy to get it targeted by the kernel's oom-killer.

This means that anyone with access to the keyboard of a locked GNOME
session can (briefly) disable the lockscreen, which lets them see and
interact with the running gnome session:

  https://bugzilla.gnome.org/show_bug.cgi?id=737456

It looks like fixes are targeted for GNOME 3.14.1.

Regards,

	--dkg


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]