Red Hat Bugzilla – Bug 78597
xscreensaver lock can be bypassed by ctrl-alt-backspace
Last modified: 2008-05-01 11:38:04 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Description of problem:
Locking the screen with xscreensaver is unsafe, because anybody can hit
ctrl-alt-backspace, killing the X server and falling right into my account's
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. login (in text mode)
3. lock the screen
4. press ctrl-alt-backspace
Actual Results: The X server will die, and you will be back to your shell prompt.
Expected Results: xscreensaver should ignore ctrl-alt-backspace.
*** This bug has been marked as a duplicate of 26933 ***
There is a simple solution to the problem. Just add this to /etc/X11/XF86Config:
Option "DontZap" "true"
Is it impossible to set the system up in init 5 so that killing an X session
will just spawn another X session? I think firstname.lastname@example.org's solution
is a viable one for those who simply want to start in init 3, and probably
should be added to the documentation if it is not already there (or possibly the
X configuration application).
The solution I suggested doesn't really solve the problem. A malicious person
can still press ctrl-alt-F1 to get to the console where I typed startx, and then
hit ctrl-C, killing the X server and getting access to my shell prompt.
That would be a configuration issue, not a screensaver issue.
wtcorrea, I agree that your original suggestion doesn't really solve the
problem. In fact, I would argue that the X screensaver isn't really a viable
way to secure your system.
I would suggest one of two things:
1) As Mr. Yohe points out, you can make sure that the machine boots into
runlevel 5. That way, if they ctrl-alt-backspace, it just restarts X and
returns to the login screen (gdm). If they hit alt-F1, it takes them to the
console login screen.
2) If you must boot the machine in runlevel 3, then make sure to close X and
log out of the machine when you are not at the machine.
I don't think there's much else from a configuration standpoint I can do to
help. Besides, if other people have physical access to your machine then you
are already in trouble. All it takes is someone to press the reset button and
boot into single user mode. Then they can do anything they want to. Resolving