Bug 78597 - xscreensaver lock can be bypassed by ctrl-alt-backspace
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-xfree86
Version: 8.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Brent Fox
Reported: 2002-11-26 00:06 EST by Wagner T. Correa
Modified: 2008-05-01 11:38 EDT
Doc Type: Bug Fix
Last Closed: 2002-12-23 02:26:35 EST
Description Wagner T. Correa 2002-11-26 00:06:41 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
Locking the screen with xscreensaver is unsafe, because anybody can hit
ctrl-alt-backspace, killing the X server and falling right into my account's
shell prompt.

Version-Release number of selected component (if applicable):
xscreensaver-4.05-6

How reproducible:
Always

Steps to Reproduce:
1. login (in text mode)
2. startx
3. lock the screen
4. press ctrl-alt-backspace


Actual Results:  The X server will die, and you will be back to your shell prompt.


Expected Results:  xscreensaver should ignore ctrl-alt-backspace.


Additional info:
Comment 1 Bill Nottingham 2002-11-26 00:16:28 EST

*** This bug has been marked as a duplicate of 26933 ***
Comment 2 Wagner T. Correa 2002-11-26 21:25:53 EST
There is a simple solution to the problem.  Just add this to /etc/X11/XF86Config:

Section "ServerFlags"
        Option "DontZap"  "true"
EndSection
Comment 3 Michael Lee Yohe 2002-11-27 00:58:23 EST
Is it impossible to set the system up in init 5 so that killing an X session
will just spawn another X session?  I think wtcorrea@cs.princeton.edu's solution
is a viable one for those who simply want to start in init 3, and probably
should be added to the documentation if it is not already there (or possibly the
X configuration application).
Comment 4 Wagner T. Correa 2002-11-28 15:48:24 EST
The solution I suggested doesn't really solve the problem.  A malicious person
can still press ctrl-alt-F1 to get to the console where I typed startx, and then
hit ctrl-C, killing the X server and getting access to my shell prompt.
Comment 5 Bill Nottingham 2002-12-02 13:44:25 EST
That would be a configuration issue, not a screensaver issue.
Comment 6 Brent Fox 2002-12-23 02:26:35 EST
wtcorrea, I agree that your original suggestion doesn't really solve the
problem.  In fact, I would argue that the X screensaver isn't really a viable
way to secure your system.  

I would suggest one of two things:
1)  As Mr. Yohe points out, you can make sure that the machine boots into
runlevel 5.  That way, if they ctrl-alt-backspace, it just restarts X and
returns to the login screen (gdm).  If they hit alt-F1, it takes them to the
console login screen.
2)  If you must boot the machine in runlevel 3, then make sure to close X and
log out of the machine when you are not at the machine.

I don't think there's much else from a configuration standpoint I can do to
help.  Besides, if other people have physical access to your machine then you
are already in trouble.  All it takes is someone to press the reset button and
boot into single user mode.  Then they can do anything they want to.  Resolving
as 'notabug'
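
Added example (not part of the original bug thread and not Red Hat's code): a Python check for the bypass paths discussed in Comments 2 to 6, run over constructed XF86Config and /etc/inittab text. It assumes the default runlevel is set by the initdefault line in /etc/inittab and that any runlevel other than 5 means X is started with startx from a login shell; it also checks DontVTSwitch, a ServerFlags option the thread does not mention, for the ctrl-alt-F1 path.

```python
import re

# Constructed sample inputs, not taken from a real machine.
SAMPLE_XF86CONFIG = '''\
Section "ServerFlags"
        Option "DontZap"  "true"
EndSection
'''
SAMPLE_INITTAB = "id:3:initdefault:\n"
_TRUE = {"", "1", "on", "true", "yes"}  # a bare Option "Name" counts as true

def server_flags(config_text):
    """Return {lowercased option name: bool} for the ServerFlags section."""
    flags, in_section = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r'(?i)section\s+"([^"]+)"', line)
        if m:
            in_section = m.group(1).lower() == "serverflags"
        elif re.match(r"(?i)endsection\b", line):
            in_section = False
        elif in_section:
            m = re.match(r'(?i)option\s+"([^"]+)"(?:\s+"([^"]*)")?', line)
            if m:
                flags[m.group(1).lower()] = (m.group(2) or "").lower() in _TRUE
    return flags

def default_runlevel(inittab_text):
    """Return N from an uncommented id:N:initdefault: line, or None."""
    m = re.search(r"^[^#:\n]*:(\d):initdefault:", inittab_text, re.M)
    return int(m.group(1)) if m else None

def audit(config_text, inittab_text):
    """List the bypass paths from this bug report that are still open."""
    if default_runlevel(inittab_text) == 5:
        return []   # Comment 6: zapping or VT switching lands on a login screen
    # Assumption: any other runlevel means X was started by startx from a shell.
    flags = server_flags(config_text)
    findings = ["not runlevel 5: killing X returns to the shell that ran startx"]
    if not flags.get("dontzap"):
        findings.append("DontZap unset: Ctrl-Alt-Backspace kills the X server")
    if not flags.get("dontvtswitch"):   # option not mentioned in the thread
        findings.append("DontVTSwitch unset: Ctrl-Alt-F1 reaches the console")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_XF86CONFIG, SAMPLE_INITTAB):
        print("WARN:", finding)
```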
