Bug 44323 - Security flaw in KDE makes login to locked screen possible
Summary: Security flaw in KDE makes login to locked screen possible
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] KDE
Hardware: x86 Linux
Importance: High critical
Assignee: Gentoo KDE team
Reported: 2004-03-10 22:30 UTC by Stefan Raspl
Modified: 2004-03-12 04:34 UTC
Description Stefan Raspl 2004-03-10 22:30:28 UTC
I'm running Gentoo stable, having KDE 3.2 installed now.
In KDE, configure a screensaver (I'm using the OpenGL ones, but not sure if that is essential) with password protection.
Lock the screen and let the screensaver kick in. Then press <CTRL> + <ALT> + <BACKSPACE>, which kills the X server. What happens next is that the server restarts, and the previous KDE session(!!!) comes up again instead of kdm!
This way, it is possible for any user to log into a locked KDE account.
Comment 1 Paul de Vrieze (RETIRED) gentoo-dev 2004-03-11 05:16:38 UTC
Are you sure that you didn't explicitly configure kdm to have this behaviour? Kdm has an option to automatically login the previous user in case the X-server crashes. As is quite obvious, this feature is unsafe.
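One way to check a kdmrc for the option mentioned in Comment 1, as an added example that is not part of the original bug thread or of kdm itself. It assumes the KDE 3.x kdmrc key names `AutoReLogin`, `AutoLoginEnable` and `NoPassEnable` in `[X-...-Core]` sections; the sample file content is constructed.

```python
import configparser

# Assumed KDE 3.x kdmrc keys that start a session without a password prompt.
RISKY_KEYS = {
    "AutoReLogin": "logs the previous user back in after the X server dies",
    "AutoLoginEnable": "logs a fixed user in when kdm starts",
    "NoPassEnable": "lets listed users log in without a password",
}


def audit_kdmrc(text):
    """Return (section, key, reason) for every risky key set to true."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        # Per-display settings live in sections such as [X-*-Core] or [X-:0-Core].
        if not (section.startswith("X-") and section.endswith("-Core")):
            continue
        for key, reason in RISKY_KEYS.items():
            value = cp[section].get(key, "false").strip().lower()
            if value == "true":
                findings.append((section, key, reason))
    return findings


# Constructed sample: re-login after an X server crash is switched on.
SAMPLE_KDMRC = """\
[X-*-Core]
# re-login after server crash
AutoReLogin=true
NoPassEnable=false

[X-:0-Core]
AutoLoginEnable=false
"""

if __name__ == "__main__":
    for section, key, reason in audit_kdmrc(SAMPLE_KDMRC):
        print(f"[{section}] {key}=true: {reason}")
```

To audit a real system, pass the contents of the installed kdmrc to `audit_kdmrc`; its location varies by distribution and KDE version.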
Comment 2 Stefan Raspl 2004-03-11 05:32:59 UTC
Will check...I know about this feature but usually do not select it. Stay tuned...
Comment 3 Stefan Raspl 2004-03-12 04:34:18 UTC
Tried to verify this yesterday, but it didn't happen anymore!
When discovering this problem, I have verified multiple times that it does indeed happen...I did an 'emerge sync' in between, but that's about it. Also, kdm is _not_ configured to do any auto logins.
No idea what is going on here...