
Bug 127809

Summary: With local access, attacker can kill X server by ctrl alt backspace and gain root or user console if startx is used
Product: Gentoo Security
Reporter: Kristina <thekikinator>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: critical
CC: djcapelis
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Kristina 2006-03-27 19:45:29 UTC
When using startx as the command to start your display manager, I noticed that if you lock your session while logged into an environment such as KDE (3.4, more specifically), the Ctrl+Alt+Backspace (aka DontZap) option does not get disabled. Thus, an attacker with physical access to the machine can zap the X server, in which case it will bounce back to tty1 (assuming udev) or vc/1 (devfs), and the attacker gains a shell with the privileges that startx had, for example a root or user shell.

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-03-27 23:40:39 UTC
This is by design; as you mention, DontZap is the solution if that is something you want to do.
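
A check for the DontZap setting that Comment 1 points to, as an added example that is not part of the original bug report: the shell function below reports whether an xorg.conf explicitly enables `DontZap` in its `ServerFlags` section. The function name and the sample files are constructed for illustration, and option names written with embedded spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the bug report). Returns 0 when the given
# xorg.conf explicitly enables DontZap in Section "ServerFlags", else 1.
dontzap_enabled() {
    awk '
        { sub(/#.*/, "") }    # drop comments; awk re-splits the fields
        tolower($1) == "section" {
            insec = (tolower($2) == "\"serverflags\""); next
        }
        tolower($1) == "endsection" { insec = 0; next }
        insec && tolower($1) == "option" {
            # Option names are case-insensitive and ignore underscores.
            name = tolower($2); gsub(/["_]/, "", name)
            if (name != "dontzap") next
            val = tolower($3); gsub(/"/, "", val)
            # A boolean option given without a value counts as true.
            enabled = (val == "" || val == "1" || val == "on" ||
                       val == "true" || val == "yes")
        }
        END { exit (enabled ? 0 : 1) }
    ' "$1"
}

# Constructed sample configurations (not taken from a real system).
tmp=$(mktemp -d)
cat > "$tmp/unset.conf" <<'EOF'
Section "ServerFlags"
    # Option "DontZap" "true"
EndSection
EOF
cat > "$tmp/hardened.conf" <<'EOF'
Section "ServerFlags"
    Option "DontZap" "true"
EndSection
EOF

for f in "$tmp"/*.conf; do
    if dontzap_enabled "$f"; then
        echo "$f: DontZap is enabled"
    else
        echo "$f: DontZap is not enabled"
    fi
done
```
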