Date: Thu, 19 Jan 2012 20:18:37 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: Re: Screen locking programs on Xorg 1.11 > I recently found out that it is possible to kill a screensaver/screen > locker program on the latest version of Xorg (1.11 shipped with > archlinux, debian wheezy..) using the Ctrl+Alt+Multiply key binding. This used to be, uhm, common knowledge: | Option "AllowDeactivateGrabs" "boolean" | This option enables the use of the Ctrl+Alt+Keypad-Divide key | sequence to deactivate any active keyboard and mouse | grabs. Default: off. | | Option "AllowClosedownGrabs" "boolean" | This option enables the use of the Ctrl+Alt+Keypad-Multiply key | sequence to kill clients with an active keyboard or mouse grab as | well as killing any application that may have locked the server, | normally using the XGrabServer(3x) Xlib function. Default: off. | | Note that the options AllowDeactivateGrabs and AllowClosedownGrabs | will allow users to remove the grab used by screen saver/locker | programs. An API was written to such cases. If you enable this | option, make sure your screen saver/locker is updated. <http://www.x.org/archive/X11R6.8.1/doc/Xorg.1.html> The API in question appears to be XF86MiscSetGrabKeysState: <http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/hw/xfree86/XF86Config.man?hideattic=0#rev1.6>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ