On 20.01.2012 18:38, Sébastien le Preste de Vauban wrote: > El 20/01/12 04:10, Florian Pritz escribió: >> On 20.01.2012 02:18, David J. Haines wrote: >>> On Thu, Jan 19, 2012 at 8:08 PM, Tavian Barnes >>> <tavianator@xxxxxxxxxxxxxx> wrote: >>>> On 19 January 2012 18:23, Dmitry Korzhevin<dkorzhevin@xxxxxxxxxxxx> wrote: >>>>> a funny bug in the Xorg server that could allow attackers with physical >>>>> access to a machine to bypass the screensaver/screen locker program. >>>>> Most people use those programs to lock their computer when they are >>>>> away. On Gnome, gnome-screensaver is responsible for this. On KDE, >>>>> kscreenlocker is. There is a wide variety of smaller tools doing the >>>>> same thing, e.g. slock, slimlock, i3lock... >>>>> >>>>> Read more: >>>>> http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up >>>>> >>>>> ctrl+atl+*(on num lock keyboard) confirmed and work in arch linux. >>>> IMO, it's not an X.Org or configuration bug, it's a bug in all the >>>> screen lockers. >>>> >>>> http://seclists.org/oss-sec/2012/q1/217 >>>> >>>> -- >>>> Tavian Barnes >>> No Happy Hacking Keyboard (1996 IBM Model M, baby!), but I do use a >>> custom keyboard layout that allows me to type international letters >>> and switch entirely to a phonetic Cyrillic layout. >> Please check if your custom layout contains the string "XF86_ClearGrab" >> (maybe also without the underscore) and if yes, replace it with >> "NoSymbol". Don't forget to reload it afterwards. >> > I did that and it solved the problem with the ctrl+atl+* key combo, but > I realized that ctrl+atl+/ does the same thing =( > I attach my custom xkbcomp file. The 4 debug symbols are: XF86LogGrabInfo, XF86Ungrab, XF86ClearGrab, XF86LogWindowTree Ungrab and ClearGrab can break things, while Log* are pretty harmless. -- Florian Pritz
Attachment:
signature.asc
Description: OpenPGP digital signature
