FW: F7 T2 Security Leak?
Paul Michael Reilly
pmr at pajato.com
Mon Mar 5 01:26:49 UTC 2007
Michaël Vanderheeren wrote:
> I think there's a security leak in F7. I found out the next thing:
>
> Look at this situation:
>
> There are 2 accounts on a computer, call them A and B. Each account has
> it's own different password.
>
> Person A starts up the computer and logs in. But at a certain point
> person B wants to use his account for 5 minutes. So he uses the Fast
> User Switch. As this happens person A's account stays active. But…
> person B can switch back to person A's account without entering a
> password! So if person A is gone for a while, person B can steal his
> documents, delete files, …
Not a bug. Not a security problem. I've tested FUSA on Gnome and it
works beautifully. Locks by default, doesn't lock when I disable it, as
it should not. However KDE (Switch User) does not honor the locking
setting established by Gnome.
FUSA may well be FC7's best feature. I use many accounts
simultaneously. FUSA and VNC are just a dream. I would be beside
myself if Fedora slowed down FUSA by forcing me to use a false sense of
security on my own computer.
-pmr
More information about the fedora-devel-list
mailing list