Screen Locking Problems

David Curry dsccable at comcast.net
Thu Mar 3 03:32:37 UTC 2005


Matthew Miller wrote:

>On Wed, Mar 02, 2005 at 04:23:37PM -0500, David Curry wrote:
>  
>
>>back to init level 3.  If the user's username and password are known to 
>>someone else, that someone else could easily kill the X session and log 
>>back in to X.org as the party who set the screenlock.  In addition, 
>>    
>>
>
>Errr, if they know the username and password, they could just unlock the
>screensaver, with no need to kill the session.
>
>  
>
 
Twas dumb.  Fingers working faster than the brain.

>>Screensaver -> Help - > Frequently Asked questions -> #22 points out 
>>that if the user is logged into a non-X console session, Ctl-Alt-F1 on 
>>the keyboard will switch the screen to that non-X console.
>>    
>>
>
>And again require a login. If you want to disable this (for a kiosk, say),
>set the DontVTSwitch option to true. (You can also set DontZap, to disable
>Ctrl-Alt-Backspace, if you want.)
>
>  
>
Thanks for the info.

>>I haven't really explored either one of the things suggested by the faq, 
>>but it seems to me that screen lock has real weaknesses as an overnight 
>>security measure.
>>    
>>
>
>It might, but I don't see how it's the things you've listed.
>
>
>  
>




More information about the fedora-list mailing list