Re: [dwm] vulnerability in slock

From: Anselm R. Garbe <>
Date: Mon, 12 Mar 2007 08:18:48 +0100

On Mon, Mar 12, 2007 at 02:28:09AM -0400, Albert Cardona wrote:
> At least in slock 0.6, nothing prevents me from killing the Xorg server
> with control+alt+backspace, returning to an open tty.

No locker should prevent you from killing the x server. If you
use startx use

startx && exit

to prevent such situation, or simply

exec startx

> Also, I cannot unlock ever: the screen turns black on launching slock,
> then I type my password and push return. Slock beeps and that's it, no
> unlocking. I have a fingerprint reader enabled that I use on the gnome
> side. 'pam' is setup so that sudo does not ask for the finger tip swipe.
> I fail to see why should pam interfere with slock, but I can't see any
> other source of inteference other than pam.

Hmm, dunno which mechanism is used by your fingerprint reader,
but slock uses the getpw() mechanism of Unix which is usually
similiar to the authentication method in use by login(1).


 Anselm R. Garbe >< >< GPG key: 0D73F361
Received on Mon Mar 12 2007 - 08:18:48 UTC

This archive was generated by hypermail 2.2.0 : Sun Jul 13 2008 - 14:38:54 UTC