Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jan 2012 20:18:37 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: Screen locking programs on Xorg 1.11

> I recently found out that it is possible to kill a screensaver/screen
> locker program on the latest version of Xorg (1.11 shipped with
> archlinux, debian wheezy..) using the Ctrl+Alt+Multiply key binding.

This used to be, uhm, common knowledge:

| Option "AllowDeactivateGrabs" "boolean"
|     This option enables the use of the Ctrl+Alt+Keypad-Divide key
|     sequence to deactivate any active keyboard and mouse
|     grabs. Default: off.
| 
| Option "AllowClosedownGrabs" "boolean"
|     This option enables the use of the Ctrl+Alt+Keypad-Multiply key
|     sequence to kill clients with an active keyboard or mouse grab as
|     well as killing any application that may have locked the server,
|     normally using the XGrabServer(3x) Xlib function. Default: off.
| 
|     Note that the options AllowDeactivateGrabs and AllowClosedownGrabs
|     will allow users to remove the grab used by screen saver/locker
|     programs. An API was written to such cases. If you enable this
|     option, make sure your screen saver/locker is updated.

<http://www.x.org/archive/X11R6.8.1/doc/Xorg.1.html>

The API in question appears to be XF86MiscSetGrabKeysState:

<http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/hw/xfree86/XF86Config.man?hideattic=0#rev1.6>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ