Michaël Vanderheeren wrote:
I think there's a security leak in F7. I found out the next thing:
Look at this situation:
There are 2 accounts on a computer, call them A and B. Each account has
it's own different password.
Person A starts up the computer and logs in. But at a certain point
person B wants to use his account for 5 minutes. So he uses the Fast
User Switch. As this happens person A's account stays active. But…
person B can switch back to person A's account without entering a
password! So if person A is gone for a while, person B can steal his
documents, delete files, …
Like you were already told in fedora-devel list, if the screen saver
doesnt lock the screen automatically on a fast user switch, you would
need to file a bug report in http://bugzilla.redhat.com against the fast
user switch applet.
Rahul
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
