Debian Bug report logs - #507558
ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)
Reported by: Albert Dengg <a_d@gmx.at>
Date: Tue, 2 Dec 2008 13:36:02 UTC
Severity: grave
Tags: security
Found in version hibernate/1.99-1
Done: David Paleino <d.paleino@gmail.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, madduck@debian.org (martin f. krafft): Bug#507558; Package hibernate. (Tue, 02 Dec 2008 13:36:06 GMT)
Acknowledgement sent to Albert Dengg <a_d@gmx.at>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, madduck@debian.org (martin f. krafft). (Tue, 02 Dec 2008 13:36:09 GMT)
Message #5 received at submit@bugs.debian.org (full text, mbox):
Package: hibernate
Version: 1.99-1
Severity: grave
Tags: security
Justification: user security hole
hi,
I just noticed that for some reason the X session is not locked after a
successful resume, which causes a serious security problem in my opinion.
yours
albert
-- Package-specific info:
--- configuration
==> /etc/hibernate/common.conf <==
Verbosity 0
LogFile /var/log/hibernate.log
LogVerbosity 4
Distribution debian
SaveClock restore-only
IbmAcpi yes
LockXLock yes
OnResume 20 /usr/sbin/anacron -s
UnloadBlacklistedModules yes
LoadModules auto
PauseAudio yes
EjectCards yes
RestartServices laptop-mode
RestartServices cron
SwitchToTextMode yes
==> /etc/hibernate/disk.conf <==
TryMethod ususpend-disk.conf
TryMethod sysfs-disk.conf
==> /etc/hibernate/hibernate.conf <==
TryMethod suspend2.conf
TryMethod disk.conf
TryMethod ram.conf
==> /etc/hibernate/ram.conf <==
TryMethod ususpend-ram.conf
TryMethod sysfs-ram.conf
==> /etc/hibernate/suspend2.conf <==
UseSuspend2 yes
Reboot no
EnableEscape yes
DefaultConsoleLevel 1
Compressor lzf
Encryptor none
FullSpeedCPU yes
Include common.conf
==> /etc/hibernate/sysfs-disk.conf <==
UseSysfsPowerState disk
Include common.conf
==> /etc/hibernate/sysfs-ram.conf <==
UseSysfsPowerState mem
Include common.conf
==> /etc/hibernate/ususpend-both.conf <==
USuspendMethod both
Include common.conf
==> /etc/hibernate/ususpend-disk.conf <==
USuspendMethod disk
Include common.conf
==> /etc/hibernate/ususpend-ram.conf <==
USuspendMethod ram
Include common.conf
--- /sys/power
==> /sys/power/disk <==
[platform] test testproc shutdown reboot
==> /sys/power/image_size <==
973892157
==> /sys/power/resume <==
254:6
==> /sys/power/state <==
mem disk
--- log
http://albertd.nicenamecrew.com/hibernate.log.bz2
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages hibernate depends on:
ii kbd 1.14.1-4 Linux console font and keytable ut
Versions of packages hibernate recommends:
ii dash 0.5.4-12 POSIX-compliant shell
ii hdparm 8.9-2 tune hard disk parameters for high
ii uswsusp 0.8-1.1 tools to use userspace software su
ii vbetool 1.0-3 run real-mode video BIOS code to a
Versions of packages hibernate suggests:
pn 915resolution <none> (no description available)
ii xscreensaver 5.05-3 Automatic screensaver for X
-- no debconf information
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, madduck@debian.org (martin f. krafft): Bug#507558; Package hibernate. (Sun, 07 Dec 2008 20:39:10 GMT)
Acknowledgement sent to Michael-Kiefer@web.de: Extra info received and forwarded to list. Copy sent to madduck@debian.org (martin f. krafft). (Sun, 07 Dec 2008 20:39:10 GMT)
Message #10 received at 507558@bugs.debian.org (full text, mbox):
Hello Albert,
sorry for this being extremely vague but I don't remember the details any
more. I had a similar problem once with LockKDE. There was no hint in the
lockfiles as I remember but somehow I figured out that something in _another_
user's home dir, I think concerning DCOP, was messed up. I think I had to run
the script performing the actual lock manually in order to find out.
Michael
Information forwarded to debian-bugs-dist@lists.debian.org, madduck@debian.org (martin f. krafft): Bug#507558; Package hibernate. (Tue, 09 Dec 2008 03:33:04 GMT)
Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>: Extra info received and forwarded to list. Copy sent to madduck@debian.org (martin f. krafft). (Tue, 09 Dec 2008 03:33:04 GMT)
Message #15 received at 507558@bugs.debian.org (full text, mbox):
I don't think there's any clean way to lock the screen from a script
such as hibernate, because that is part of each user session, not global
state.
Perhaps the documentation should be changed to recommend use of a
locking screensaver instead. If so, this should also be mentioned in
NEWS.Debian.
Ben.
--
Ben Hutchings
All extremists should be taken out and shot.
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, madduck@debian.org (martin f. krafft): Bug#507558; Package hibernate. (Sun, 14 Dec 2008 01:51:08 GMT)
Acknowledgement sent to Eric Price <ecprice@MIT.EDU>: Extra info received and forwarded to list. Copy sent to madduck@debian.org (martin f. krafft). (Sun, 14 Dec 2008 01:51:08 GMT)
Message #20 received at 507558@bugs.debian.org (full text, mbox):
This isn't really a bug: the LockXLock option works if xlock is
installed. Without xlock, you can instead use other locking options
(LockXScreenSaver, LockGnomeScreenSaver, LockKDE) to lock the screen
if you're already running the appropriate screensaver.
This could be a wishlist request for starting up a locking screensaver
if one isn't already running, but it shouldn't be release critical.
Eric
Reply sent to David Paleino <d.paleino@gmail.com>: You have taken responsibility. (Sat, 20 Dec 2008 22:00:05 GMT)
Notification sent to Albert Dengg <a_d@gmx.at>: Bug acknowledged by developer. (Sat, 20 Dec 2008 22:00:05 GMT)
Message #25 received at 507558-done@bugs.debian.org (full text, mbox):
Hello Albert,
I'm closing this bug since it's not really RC, it's not even a bug.
$ man hibernate.conf | grep -A1 LockXLock
LockXLock <boolean>
Lock active X11 session using xlock.
$
Sure, it could be documented better, but that's what manpages are for.
Also, the mail sent by Eric Price is relevant: read the manpage to know which
methods to lock the screen are supported, and what is needed for them to work.
Thank you for your bug report,
David Paleino
--
. ''`. Debian maintainer | http://wiki.debian.org/DavidPaleino
: :' : Linuxer #334216 --|-- http://www.hanskalabs.net/
`. `'` GPG: 1392B174 ----|---- http://snipr.com/qa_page
`- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
[signature.asc (application/pgp-signature, attachment)]
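The replies above come down to one check: LockXLock only takes effect when xlock is installed, and the other lock options only lock when the matching screensaver is already running. The following shell script is an added example, not part of the hibernate package or of this bug log; the function names, the HELPER_PATH variable and the set of values treated as "enabled" are assumptions, and the sample configuration is constructed.

```sh
# Added example (not hibernate's own code): flag lock options that cannot take effect.
# HELPER_PATH is a hypothetical override for the directories searched for xlock.

have_helper() {   # succeed if executable $1 exists in HELPER_PATH (default: PATH)
    old_ifs=$IFS; IFS=:
    for d in ${HELPER_PATH:-$PATH}; do
        [ -x "$d/$1" ] && { IFS=$old_ifs; return 0; }
    done
    IFS=$old_ifs; return 1
}

scan_conf() {     # scan_conf DIR FILE: print enabled lock options, following includes
    case $seen in *" $2 "*) return 0 ;; esac   # already visited; also stops cycles
    seen="$seen$2 "
    [ -r "$1/$2" ] || return 0
    while read -r key val rest || [ -n "$key" ]; do
        case $key in
            Include|TryMethod) scan_conf "$1" "$val" ;;
            LockXLock|LockXScreenSaver|LockGnomeScreenSaver|LockKDE)
                # Assumption: these spellings are the ones treated as "enabled".
                case $val in [Yy]es|[Oo]n|true|1) echo "$key" ;; esac ;;
        esac
    done < "$1/$2"
}

audit_locks() {   # audit_locks DIR FILE: 1 if nothing is enabled or xlock is missing
    seen=" "; rc=0
    locks=$(scan_conf "$1" "$2" | sort -u)
    [ -n "$locks" ] || { echo "WARN: no lock option enabled"; return 1; }
    for opt in $locks; do
        if [ "$opt" != LockXLock ]; then
            echo "NOTE: $opt only locks if that screensaver already runs in the session"
        elif have_helper xlock; then echo "OK: LockXLock enabled and xlock is installed"
        else echo "FAIL: LockXLock enabled but xlock is not installed"; rc=1
        fi
    done
    return $rc
}

demo() {          # constructed sample mirroring the report's TryMethod/Include chain
    t=$(mktemp -d) && mkdir "$t/bin" || return 2
    printf 'TryMethod ram.conf\n' > "$t/hibernate.conf"
    printf 'UseSysfsPowerState mem\nInclude common.conf\n' > "$t/ram.conf"
    printf 'SwitchToTextMode yes\nLockXLock yes\n' > "$t/common.conf"
    HELPER_PATH="$t/bin"; status=0; audit_locks "$t" hibernate.conf || status=$?
    rm -rf "$t"; unset HELPER_PATH; return $status
}
demo || echo "(non-zero status: a configured lock would silently do nothing)"
```

On a real system the call would be `audit_locks /etc/hibernate hibernate.conf`, with HELPER_PATH left unset so that the normal PATH is searched.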
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 18 Jan 2009 07:28:49 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Feb 9 19:29:22 2010; Machine Name: busoni.debian.org
Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.