FS#28003 - [xorg-server] 1.11 - An Easy But Serious Screensaver Security Problem In X.Org

Attached to Project: Arch Linux
Opened by Daniel (8472) - Thursday, 19 January 2012, 18:27 GMT
Last edited by Ionut Biru (wonder) - Thursday, 19 January 2012, 18:59 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Bypass screensaver/locker program on xorg 1.11 and up | An Easy But Serious Screensaver Security Problem In X.Org

Additional info:
* package version(s) - 1.11


Steps to reproduce:
http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/

can you please verify it, at if confirmed, to disable it as mentioned in the 2nd URL?
This task depends upon

Closed by  Ionut Biru (wonder)
Thursday, 19 January 2012, 18:59 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#27993 
Comment by Erik Johnson (archtaku) - Thursday, 19 January 2012, 18:47 GMT
Confirmed in 1.11.3-1. Ctrl+Alt+* kills xscreensaver when screen is locked.
Comment by Erik Johnson (archtaku) - Thursday, 19 January 2012, 18:48 GMT Comment by Daniel (8472) - Thursday, 19 January 2012, 18:50 GMT
I'm aware of the workaround, but I presume it would be good to fix it in the Arch package himself if possible, and distribute it as 1.11.3-2
Comment by Erik Johnson (archtaku) - Thursday, 19 January 2012, 18:54 GMT
Well, duh.

Loading...