127809 – With local access, attacker can kill X server by ctrl alt backspace and gain root or user console if startx is used

Bug 127809 - With local access, attacker can kill X server by ctrl alt backspace and gain root or user console if startx is used

Summary: With local access, attacker can kill X server by ctrl alt backspace and gain...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-03-27 19:45 UTC by Kristina
Modified:	2006-03-27 23:40 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristina 2006-03-27 19:45:29 UTC

When using startx as the command to start your display manager, I noticed that if you lock your session while logged into an environment such as KDE, (3.4 more specifically), the ctrl alt backspace (aka don't zap) option does not get disabled, thus, an attacker with physical access to the machine can zap the X server in which case it will bounce back to tty1 (assuming udev) or vc/1 (devfs) and the attacker gains the shell with privileges of which startx had.  Example, a root or user shell.

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2006-03-27 23:40:39 UTC

This is by design, as you mention, DontZap is the solution if that is something you want to do.