[Secure-testing-team] Bug#576796: xtrlock can be bypassed using TTY's
thims
root.packet at gmail.com
Wed Apr 7 04:46:59 UTC 2010
Package: xtrlock
Version: 2.0-12
Severity: grave
Tags: security
Justification: user security hole

If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to
the specified TTY, where xtrlock can be easily killed with "killall xtrlock". I run ratpoison, and
executing xtrlock by normal means works fine, but Ctrl+Alt+Fn changes to the TTY ratpoison was
launched from; ^Z then "killall xtrlock" terminates xtrlock, and switching back allows user
access, bypassing credentials.

-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.33.1 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages xtrlock depends on:
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libx11-6 2:1.1.5-2 X11 client-side library
xtrlock recommends no packages.
xtrlock suggests no packages.
-- no debconf information
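
The following check is an added example, not part of the original report or of xtrlock: it tests whether an xorg.conf-style file turns on the X server's `DontVTSwitch` option (ServerFlags section, see xorg.conf(5)), which disables the Ctrl+Alt+Fn switch that the report relies on. The function names, file names and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: does an xorg.conf-style file disable Ctrl+Alt+Fn VT switching?

vt_switch_disabled() {
    # $1: path to an xorg.conf-style file. Returns 0 if DontVTSwitch is on.
    awk '
        { sub(/#.*/, ""); line = tolower($0) }   # drop comments, fold case
        line ~ /^[ \t]*section[ \t]+"serverflags"/ { in_flags = 1; next }
        line ~ /^[ \t]*endsection/                 { in_flags = 0; next }
        in_flags && line ~ /^[ \t]*option[ \t]+"/ {
            n = split(line, q, "\"")             # q[2] = name, q[4] = value
            name = q[2]
            gsub(/[ _\t]/, "", name)             # names ignore spaces and "_"
            if (name != "dontvtswitch") next
            val = (n >= 4) ? q[4] : "true"       # a bare boolean option is true
            # Assumption of this example: the last matching line decides.
            on = (val ~ /^(1|on|true|yes)$/)
        }
        END { exit (on ? 0 : 1) }
    ' "$1"
}

# Constructed sample configurations (not taken from the bug report).
write_samples() {
    cat > "$1/open.conf" <<'EOF'
Section "ServerFlags"
    Option "DontZap" "true"
    # Option "DontVTSwitch" "true"
EndSection
EOF
    cat > "$1/locked.conf" <<'EOF'
Section "ServerFlags"
    Option "Dont_VT_Switch" "on"
EndSection
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in "$tmp"/*.conf; do
    if vt_switch_disabled "$f"; then
        echo "$f: VT switching disabled"
    else
        echo "$f: Ctrl+Alt+Fn still reaches the console"
    fi
done
rm -rf "$tmp"
```

The option only blocks the keyboard switch; a shell left suspended or idle on the console that launched X remains a separate exposure.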