Summary: | Security flaw in KDE makes login to locked screen possible | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Stefan Raspl <raspl> |
Component: | [OLD] KDE | Assignee: | Gentoo KDE team <kde> |
Status: | RESOLVED INVALID | ||
Severity: | critical | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Stefan Raspl
2004-03-10 22:30:28 UTC
Are you sure that you didn't explicitly configure kdm to have this behaviour? Kdm has an option to automatically login the previous user in case the X-server crashes. As is quite obvious this feature is unsafe. Will check...I know about this feature but usually do not select it. Stay tuned... Tried to verify this yesterday, but it didn't happen anymore! When discovering this problem, I have verified multiple times that it does indeed happen...I did an 'emerge sync' inbetween, but that's about it. Also, kdm is _not_ configured to do any auto logins. No idea what is going on here... |