FW: F7 T2 Security Leak?
Rex Dieter
rdieter at math.unl.edu
Mon Mar 5 16:10:37 UTC 2007
David Zeuthen wrote:
> On Sun, 2007-03-04 at 16:18 -0500, Jesse Keating wrote:
>> On Sunday 04 March 2007 12:10:13 Michaël Vanderheeren wrote:
>> > There are 2 accounts on a computer, call them A and B. Each account has
>> > it's own different password.
>> >
>> > Person A starts up the computer and logs in. But at a certain point
>> > person B wants to use his account for 5 minutes. So he uses the Fast
>> > User Switch. As this happens person A's account stays active. But…
>> > person B can switch back to person A's account without entering a
>> > password! So if person A is gone for a while, person B can steal his
>> > documents, delete files, …
>>
>> Fast User Switching by default enables the screen lock when a user is
>> switched
>> away from. Could there be a problem with your screen lock?
>
> Yes, when a session is switched away from, gnome-screensaver, at least
> (don't know about KDE / others)
Maybe it could/should use xdg-utils' and emit:
xdg-screensaver lock
on switching?
(Hrm, unless someone/somewhere purposefully doesn't want the screen to lock
on user switch)
-- Rex
More information about the fedora-devel-list
mailing list