Bug#564079: Is this really a screensaver issue?

Josselin Mouette joss at debian.org
Tue Jan 26 13:15:13 UTC 2010


On Tuesday 26 January 2010 at 12:00 +0100, Bastian Blank wrote:
> On Tue, Jan 26, 2010 at 11:21:56AM +0100, Josselin Mouette wrote:
> > On Saturday 23 January 2010 at 11:37 +0100, Guido Günther wrote:
> > > Should this really be handled in the screensaver? The user can also kill
> > > other processes during boot like accounting daemons and therefore
> > > compromise security. The only "fix" is to disable this feature.
> > I fully concur. Such a “feature” should be disabled by default, and this
> > has to be done in the kernel packages.
> 
> The OOM killer can always be forced with normal processes as long as
> over-commitment is enabled. So it is never safe to add security measures
> within processes that can be killed separately.

Without the SysRq, it would require at least being logged on to achieve
that. Or do you have examples in mind?

Do you also have any ideas of what screensavers should do to be secure
wrt. the OOM killer and similar attack vectors?

> > I’d appreciate if we could have some input from the kernel maintainers.
> 
> Someone with access to the console has several attack vectors
> available.

Indeed but that shouldn’t prevent us from working on mitigating these
risks. If your laptop is stolen while not powered down, it should not
allow access to your running session.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “A handshake with whitnesses is the same
  `-     as a signed contact.”  -- Jörg Schilling







More information about the pkg-gnome-maintainers mailing list