FW: F7 T2 Security Leak?
David Zeuthen
david at fubar.dk
Sun Mar 4 21:33:34 UTC 2007
On Sun, 2007-03-04 at 16:18 -0500, Jesse Keating wrote:
> On Sunday 04 March 2007 12:10:13 Michaël Vanderheeren wrote:
> > There are 2 accounts on a computer, call them A and B. Each account has
> > it's own different password.
> >
> > Person A starts up the computer and logs in. But at a certain point person
> > B wants to use his account for 5 minutes. So he uses the Fast User Switch.
> > As this happens person A's account stays active. But… person B can switch
> > back to person A's account without entering a password! So if person A is
> > gone for a while, person B can steal his documents, delete files, …
>
> Fast User Switching by default enables the screen lock when a user is switched
> away from. Could there be a problem with your screen lock?
Yes, when a session is switched away from, gnome-screensaver, at least
(don't know about KDE / others), is supposed to lock the session... that
is.. unless you changed the default and asked it to never lock the
screen. If that's not the case, please file bugs against
gnome-screensaver so we can fix this. Thanks.
Btw, at least for FC7t1, gnome-screensaver wasn't included on the live
CD; a bug I hope we've fixed for t2.
David
More information about the fedora-devel-list
mailing list