Bug 71667

Summary: kscreensaver: XFree86 server flags AllowDeactivateGrabs/AllowClosedownGrabs cause security breach.
Product: kscreensaver Reporter: Dominique Devriese <devriese>
Component: general Assignee: kscreensaver bugs tracking <kscreensaver-bugs-null>
Status: RESOLVED FIXED    
Severity: major CC: l.lunak
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Latest Commit: Version Fixed In:

Description Dominique Devriese 2004-01-02 13:24:53 UTC
Version:            (using KDE KDE 3.1.4)
Installed from:    Debian testing/unstable Packages

Hi,

This is a forward of the following Debian bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225866

'kscreensaver' does not properly deal with the XFree86 server options
AllowDeactivateGrabs and AllowClosedownGrabs. Invoking the key combinations
enabled by these options allows one to bypass kscreensaver's locking of the
display, causing a breach of security. Therefore, these options cannot safely
be used with kscreensaver when locking of the display is required. Apparently
there is an API for dealing with this; please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225762.

SERVERFLAGS SECTION
[...]
       Option "AllowDeactivateGrabs" "boolean"
              This option enables the use of the Ctrl+Alt+Keypad-Divide key sequence to deactivate any active keyboard and mouse grabs. Default: off.

       Option "AllowClosedownGrabs" "boolean"
              This option enables the use of the Ctrl+Alt+Keypad-Multiply key sequence to kill clients with an active keyboard or mouse grab as well as killing any application that may have locked the server, normally using the XGrabServer(3x) Xlib function. Default: off.
              Note that the options AllowDeactivateGrabs and AllowClosedownGrabs will allow users to remove the grab used by screen saver/locker programs. An API was written for such cases. If you enable this option, make sure your screen saver/locker is updated.

cheers
domi
Comment 1 Lubos Lunak 2004-01-06 14:04:17 UTC
Support for the flags has been added in KDE3.2.
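A config-side audit a defender can run on a host whose locker predates the KDE 3.2 fix: this added example (not code from the bug report or from KDE) parses the ServerFlags section of an XF86Config-4 file and reports which of the two grab-breaking flags are turned on. It follows the XF86Config rules that a bare Option with no value means "true" and that 0/off/false/no spell "off"; the sample config and option values are constructed.

```python
import re

# Constructed XF86Config-4 fragment (not taken from the bug report): one flag
# spelled out, one in the bare form that XF86Config treats as "true".
SAMPLE_CONFIG = """\
Section "ServerFlags"
    # Option "AllowDeactivateGrabs" "false"   <- commented out, must be ignored
    Option "AllowDeactivateGrabs" "on"
    Option "AllowClosedownGrabs"
    Option "DontZap" "true"
EndSection
"""

GRAB_BREAKING_FLAGS = ("AllowDeactivateGrabs", "AllowClosedownGrabs")
FALSE_WORDS = {"0", "off", "false", "no"}   # XF86Config boolean "off" spellings

SECTION_RE = re.compile(r'^Section\s+"([^"]+)"', re.IGNORECASE)
OPTION_RE = re.compile(r'^Option\s+"([^"]+)"(?:\s+"([^"]*)")?', re.IGNORECASE)


def parse_server_flags(config_text):
    """Map lower-cased option name -> value for the ServerFlags section only.
    A bare Option with no value is stored as "true"; '#' comment lines skipped."""
    flags, section = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
        elif line.lower().startswith("endsection"):
            section = None
        elif section == "serverflags":
            m = OPTION_RE.match(line)
            if m:
                flags[m.group(1).lower()] = "true" if m.group(2) is None else m.group(2)
    return flags


def grab_breaking_flags_enabled(config_text):
    """Names of the grab-breaking flags that are on. Any value that is not an
    explicit 'off' spelling counts as enabled, so an odd spelling is still flagged."""
    flags = parse_server_flags(config_text)
    return [n for n in GRAB_BREAKING_FLAGS
            if n.lower() in flags and flags[n.lower()].strip().lower() not in FALSE_WORDS]


if __name__ == "__main__":
    for name in grab_breaking_flags_enabled(SAMPLE_CONFIG):
        print("ServerFlags enables %s: the screen locker must handle it" % name)
```

Options placed in any section other than ServerFlags are ignored, so a flag that only appears under a Device section is not reported.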