141540 – auto-login session locking can be escaped during boot in kdm

Bug 141540 - auto-login session locking can be escaped during boot in kdm

Summary: auto-login session locking can be escaped during boot in kdm

Status:	RESOLVED DUPLICATE of bug 125318

Alias:	None

Product:	kdm
Classification:	Miscellaneous
Component:	general (show other bugs)
Version:	unspecified
Platform:	Gentoo Packages Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdm bugs tracker

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-02-11 16:10 UTC by Peter Volkov
Modified:	2008-05-19 17:30 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Volkov 2007-02-11 16:10:14 UTC

Version:           3.5.6 (using KDE KDE 3.5.6)
Installed from:    Gentoo Packages
Compiler:          gcc 4.1.1 Gentoo 4.1.1-r3
OS:                Linux

If you enable auto-login and "Lock session" for login manager, user can avoid locking during boot by switching to console and coming back into X11.

To reproduce 
1. Enable Auto-login for some users and select lock session with delay 1 second
2. During kdm startup at the moment when you'll see X cursor (kdm still have to boot and login window is not shown) switch to console with Alt+F1
3. Wait while kde loads (wait for the music)
4. Swith back to kde... keyboard is locked (you can not type anything), but there is no "This session was locked" dialog window and you can use mouse to start any programs, manage any files and etc.

I think session should be locked in any way.

This is security problem and current workaround is to disable Auto-login.

Comment 1 Oswald Buddenhagen 2007-02-11 16:14:10 UTC


*** This bug has been marked as a duplicate of 125318 ***