[Secure-testing-team] Bug#576796: xtrlock can be bypassed using TTY's

thims root.packet at gmail.com
Wed Apr 7 04:46:59 UTC 2010


Package: xtrlock
Version: 2.0-12
Severity: grave
Tags: security
Justification: user security hole

If one attempts to switch to a TTY while xtrlock is running, it allows the system to switch to
the specified TTY, where xtrlock can be easily killed with "killall xtrlock". I run ratpoison, and
executing xtrlock by normal means works fine, but Ctrl+Alt+FN changes to the TTY ratpoison was
launched from; ^Z then "killall xtrlock" terminates xtrlock, and switching back allows user
access, bypassing credentials.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.33.1 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages xtrlock depends on:
ii  libc6                       2.7-18lenny2 GNU C Library: Shared libraries
ii  libx11-6                    2:1.1.5-2    X11 client-side library

xtrlock recommends no packages.

xtrlock suggests no packages.

-- no debconf information




