Xorg >= 1.11 security problem

[aesir]

It appears that there is a funny debug feature enabled by default in xorg that permits to bypass screensavers.
You can read about it on http://gu1.aeroxteam.fr/2012/01/19/b...rg-111-and-up/ or on Phoronix

It doesn't work for me on f15 as it has xorg 1.10, what about for you guys on f16?

To workaround it you have to either edit your xorg configuration files or your keyboard map, for example:

Code:

$ xmodmap -pke | grep -i Grab
keycode  63 = KP_Multiply XF86ClearGrab KP_Multiply XF86ClearGrab
keycode 106 = KP_Divide XF86Ungrab KP_Divide XF86Ungrab
$ xmodmap -e "keycode  63 = KP_Multiply NoSymbol KP_Multiply NoSymbol"
$ xmodmap -e "keycode  106 = KP_Divide NoSymbol KP_Divide NoSymbol"

[Dutchy]

Yeah, unfortunately F16 is affected as I just successfully unlocked my screen with that simple button combination.

As for the workaround:
Would that have any side effects?
Like not being able to use the numpad multiply button?

[aesir]

Quote:

Originally Posted by Dutchy

Yeah, unfortunately F16 is affected as I just successfully unlocked my screen with that simple button combination.

As for the workaround:
Would that have any side effects?
Like not being able to use the numpad multiply button?

It won't have any side effect, if done properly.
The first command tells you which of your physical keys are mapped to XF86ClearGrab and XF86Ungrab, the other two change the map for those keys to NoSymbol.

It is not permanent: when you restart X, the keymap is reloaded to your locale settings or any other keyboard setting you have.
Try it to see if it works.
To make it permanent you can edit /etc/X11/Xmodmap or ~/.Xmodmap.

[Dutchy]

Thanks aesir, that work around works great!

For the xmodmap noobs like me:
-Create ~/.Xmodmap
-Add the lines (no quotes):

Code:

keycode  63 = KP_Multiply NoSymbol KP_Multiply NoSymbol
keycode  106 = KP_Divide NoSymbol KP_Divide NoSymbol

-Test the config with the "xmodmap ~/.Xmodmap" command.

[Dutchy]

Apparently this issue has already been taken care of.
Great response time!

[DBelton]

I was just going to say that the update that fixes this issue came down in my updates last night and already installed here

(although this really isn't much of an issue anyway since if someone has physical access to you machine, there are numerous other ways they could gain access other than this anyway)

[RupertPupkin]

Hmm, the xkeyboard-config-2.3-3.fc16 update was installed last night on my system but the security bug persisted after restarting X and even after rebooting. To fix the bug I had to put this in the /etc/X11/xorg.conf.d/10-local.conf file:

Code:

Section "ServerFlags"
        Option "AllowDeactivateGrabs" "false"
        Option "AllowClosedownGrabs" "false"
EndSection

Which files were changed in the xkeyboard-config package? Because whatever it was didn't work for me, using xscreensaver. Only the above xorg.conf change fixed it for me.

[DBelton]

did it put the changes in an "rpmsave" file instead of overwriting your conf file?

[Dutchy]

The fix seems to work properly for me (no fussing with xorg.conf here at all).

[weitjong]

For crying out loud. I have searched high and low for the answer why the previously working "feature" in my F16 system is suddenly broken for the past few days. I am relying on the "Ctrl+Alt+/" to ungrab the input devices while within Eclipse IDE debugging my application that captures the keyboard&mouse. Obviously, I need to ungrab the captured input devices from the app back to system so Eclipse/Debugger can use them. This combo and also the "Ctrl+Alt+*" also save me from rebooting the whole machine when my application crashes mid way without releasing the keyboard&mouse back properly.

I could understand why this is a security concern and the need for the fix. What I don't understand is why the developer chosen this option to resolve the issue. There are already Xorg ServerFlags options controlling whether these two key combos is active or not. Isn't it by defaulting them to "off" would do the trick? And user that needs them can simply flip the switch on their own risk?

The current security fix creates yet another XkbOptions called "grab:break_actions". I have tested it in my system. The problem is, now both "Ctrl+Alt+/" and "Ctrl+Alt+*" key combos behave the same. Although it works to ungrab the input devices, but both kill/terminate the process that has the input focus. Previously "Ctrl+Alt+/" did not kill the process after ungrabbing. So, it is still not useful for debugging any more.

Just my 2 cents and rant. I know it is hard for developer to keep every user happy .