Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <542973CB.4010605@fifthhorseman.net>
Date: Mon, 29 Sep 2014 10:59:23 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: oss-security@...ts.openwall.com
Subject: gnome-shell lockscreen bypass with printscreen key

hi OSS-security folks--

gnome-shell currently handles the lockscreen for modern versions of gnome.

gnome-shell also handles the "take a screenshot" action, which is mapped
by default to the prtsc key.

the prtsc key is not disabled when the screen is locked.

taking a bunch of screenshots at once bloats gnome-shell to the point
where it's pretty easy to get it targeted by the kernel's oom-killer.

This means that anyone with access to the keyboard of a locked GNOME
session can (briefly) disable the lockscreen, which lets them see and
interact with the running gnome session:

  https://bugzilla.gnome.org/show_bug.cgi?id=737456

It looks like fixes are targeted for GNOME 3.14.1.

Regards,

	--dkg


Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.