Re: [hackers] [PATCH] [slock] Remove faulty example and add a section on security considerations

From: Ali H. Fardan <raiz_AT_firemail.cc>
Date: Wed, 28 Sep 2016 22:03:57 +0300

I suggest you take a look at this:
https://notabug.org/kl3/slock

it was used to be called "slock for the absolute paranoid", but this
dude
wanted to go further with it and make it fit his taste, but there are
some security stuff he did there, check it out.

--
Raiz
On 2016-09-28 21:33, FRIGN wrote:
> Hello fellow hackers,
> 
> the question has been floating around for quite some time on the
> internet, but I think it is a good place to answer it in the manual of
> our screen locker. Is slock really secure and if not, how can I harden
> it so that nobody can access my machine?
> 
> There are two ways one can possibly circumvent a locked X screen (not
> including security holes in the Kernel)
> 
> 1) switch to a different VT that is logged in. Then there, proceed to
>    kill slock and switch back the now unlocked VT.
> 2) kill the X server with Ctrl+Alt+Backspace (if enabled). If no login
>    manager is used, this yields an open shell. All work within the X
>    session is usually lost, but the attacker still has access to the
>    user data.
> 
> Sysrq can be used to kill all running processes, but this also logs out
> the user and thus is no problem. I did not add it here because if
> somebody wants to "pwn" the user he can just unplug the computer or
> take out the battery to destroy all the work.
> 
> You can disable VT switching and Ctrl+Alt+Backspace (this also
> overrides the local Xkb settings and is thus foolproof) for sure by
> setting two options in xorg.conf. See the patch for details on the
> instructions.
> 
> Cheers
> 
> FRIGN
Received on Wed Sep 28 2016 - 21:03:57 CEST

This archive was generated by hypermail 2.3.0 : Wed Sep 28 2016 - 21:12:15 CEST