On Thu, Jan 19, 2012 at 8:08 PM, Tavian Barnes <tavianator@xxxxxxxxxxxxxx> wrote: > On 19 January 2012 18:23, Dmitry Korzhevin <dkorzhevin@xxxxxxxxxxxx> wrote: >> a funny bug in the Xorg server that could allow attackers with physical >> access to a machine to bypass the screensaver/screen locker program. >> Most people use those programs to lock their computer when they are >> away. On Gnome, gnome-screensaver is responsible for this. On KDE, >> kscreenlocker is. There is a wide variety of smaller tools doing the >> same thing, e.g. slock, slimlock, i3lock... >> >> Read more: >> http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up >> >> ctrl+atl+*(on num lock keyboard) confirmed and work in arch linux. > > IMO, it's not an X.Org or configuration bug, it's a bug in all the > screen lockers. > > http://seclists.org/oss-sec/2012/q1/217 > > -- > Tavian Barnes No Happy Hacking Keyboard (1996 IBM Model M, baby!), but I do use a custom keyboard layout that allows me to type international letters and switch entirely to a phonetic Cyrillic layout. In playing about, it looks like if your WM (or another program?) grabs the alt key, as does xmonad by default, then the combination won't produce the result. I have Caps Lock send mod4mask (the Windows key), have left Alt send Alt, and right Alt send AltGr. I can kill xscreensaver with Ctrl-Left Alt-Keypad *, but not with Right Alt, which would make sense given the keyboard setup. In the end, though, I think Tavian is right. Before they reintroduced this feature, it was up to applications to disable it themselves, IIRC.
