FW: F7 T2 Security Leak?

Neal Becker ndbecker2 at gmail.com
Sun Mar 4 21:25:59 UTC 2007


Jesse Keating wrote:

> On Sunday 04 March 2007 12:10:13 Michaël Vanderheeren wrote:
>> There are 2 accounts on a computer, call them A and B. Each account has
>> it's own different password.
>>
>> Person A starts up the computer and logs in. But at a certain point
>> person B wants to use his account for 5 minutes. So he uses the Fast User
>> Switch. As this happens person A's account stays active. But… person B
>> can switch back to person A's account without entering a password! So if
>> person A is gone for a while, person B can steal his documents, delete
>> files, …
> 
> Fast User Switching by default enables the screen lock when a user is
> switched
> away from.  Could there be a problem with your screen lock?
> 
> Please keep in mind that any assumption of security is completely out of
> the water if folks have physical access to your computer, which they must
> have for fast user switching.
> 

This comment is a bit extreme.  True, in principal there is no security
without physical security - but that hardly means we should offer an open
invitation.




More information about the fedora-devel-list mailing list