[Pkg-xfce-devel] Bug#887773: It is possible to circumvent authentication after locking screen in lightdm
Josef Moosbauer
josef at moosbauer.net
Fri Jan 19 20:21:36 UTC 2018
Package: lightdm
Version: 1.18.3-1
Debian 9.3 - last dist-upgrade today 1-19-2018
uname -a: Linux smo-zen 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2
(2018-01-04) x86_64 GNU/Linux
When I should have to enter user/password to authenticate to continue
working after locking the screen using "dm-tool lock", I am able to
avoid that by swichtching to a non X console (ALT+F1) and back to X
(ALT+F7) and I am able to continue working without giving user/password
Steps:
1. lock screen with "dm-tool lock"
2. wake up by moving mouse or pressing any key - authentication pops up
3. press ALT+F1
4. press ALT+F7
5. you are now back to work in the authenticated X-Session (Strange not
e: "dm-tool lock" does no longer lock the screen ie. does nothing)
I suggest step 4 to ask for user/password before giving access to the
system.
kind regards Josef
kind regards / mit freundlichen Grüßen
Moosbauer Josef
<josef at moosbauer.net>
GPG Fingerprint 6748 9413 0EF1 5B23 D707 DBFA 570B 00E3 4689 8CC9
"Of course I'm crazy, but that doesn't mean I'm wrong. I'm mad but not
ill"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20180119/1bb7bf41/attachment.sig>
More information about the Pkg-xfce-devel
mailing list