On Jan 20, 2012 2:10 AM, "Florian Pritz" <bluewind@xxxxxxx> wrote: > > On 20.01.2012 02:18, David J. Haines wrote: > > On Thu, Jan 19, 2012 at 8:08 PM, Tavian Barnes > > <tavianator@xxxxxxxxxxxxxx> wrote: > >> On 19 January 2012 18:23, Dmitry Korzhevin <dkorzhevin@xxxxxxxxxxxx> wrote: > >>> a funny bug in the Xorg server that could allow attackers with physical > >>> access to a machine to bypass the screensaver/screen locker program. > >>> Most people use those programs to lock their computer when they are > >>> away. On Gnome, gnome-screensaver is responsible for this. On KDE, > >>> kscreenlocker is. There is a wide variety of smaller tools doing the > >>> same thing, e.g. slock, slimlock, i3lock... > >>> > >>> Read more: > >>> http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up > >>> > >>> ctrl+atl+*(on num lock keyboard) confirmed and work in arch linux. > >> > >> IMO, it's not an X.Org or configuration bug, it's a bug in all the > >> screen lockers. > >> > >> http://seclists.org/oss-sec/2012/q1/217 > >> > >> -- > >> Tavian Barnes > > > > No Happy Hacking Keyboard (1996 IBM Model M, baby!), but I do use a > > custom keyboard layout that allows me to type international letters > > and switch entirely to a phonetic Cyrillic layout. > > Please check if your custom layout contains the string "XF86_ClearGrab" > (maybe also without the underscore) and if yes, replace it with > "NoSymbol". Don't forget to reload it afterwards. > > -- > Florian Pritz > I will be sure to do that, but that does seem only to address the symptom and not the underlying sickness. As I intimated earlier, this is most likely an issue for the app (or more precisely screen locking app) writers. Thanks for what looks to be a great intirim solution!
