#1  aesir  (19th January 2012, 09:20 AM)
Xorg >= 1.11 security problem

It appears that there is a funny debug feature enabled by default in xorg that permits bypassing screensavers.
You can read about it on http://gu1.aeroxteam.fr/2012/01/19/b...rg-111-and-up/ or on Phoronix

It doesn't work for me on f15 as it has xorg 1.10, what about for you guys on f16?

To work around it you have to either edit your xorg configuration files or your keyboard map, for example:
Code:
$ xmodmap -pke | grep -i Grab
keycode  63 = KP_Multiply XF86ClearGrab KP_Multiply XF86ClearGrab
keycode 106 = KP_Divide XF86Ungrab KP_Divide XF86Ungrab
$ xmodmap -e "keycode  63 = KP_Multiply NoSymbol KP_Multiply NoSymbol"
$ xmodmap -e "keycode  106 = KP_Divide NoSymbol KP_Divide NoSymbol"
#2  Dutchy  (19th January 2012, 11:49 AM)

Yeah, unfortunately F16 is affected as I just successfully unlocked my screen with that simple button combination.

As for the workaround:
Would that have any side effects?
Like not being able to use the numpad multiply button?
#3  aesir  (19th January 2012, 12:49 PM)

Quote (originally posted by Dutchy):
> Yeah, unfortunately F16 is affected as I just successfully unlocked my screen with that simple button combination.
>
> As for the workaround:
> Would that have any side effects?
> Like not being able to use the numpad multiply button?

It won't have any side effect, if done properly.
The first command tells you which of your physical keys are mapped to XF86ClearGrab and XF86Ungrab, the other two change the map for those keys to NoSymbol.

It is not permanent: when you restart X, the keymap is reloaded to your locale settings or any other keyboard setting you have.
Try it to see if it works.
To make it permanent you can edit /etc/X11/Xmodmap or ~/.Xmodmap.
#4  Dutchy  (19th January 2012, 01:16 PM)

Thanks aesir, that workaround works great!

For the xmodmap noobs like me:
-Create ~/.Xmodmap
-Add the lines (no quotes):
Code:
keycode  63 = KP_Multiply NoSymbol KP_Multiply NoSymbol
keycode  106 = KP_Divide NoSymbol KP_Divide NoSymbol
-Test the config with the "xmodmap ~/.Xmodmap" command.
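An added example, not part of any post in this thread: shell functions that find whichever keycodes carry XF86ClearGrab or XF86Ungrab in `xmodmap -pke` output and print the matching NoSymbol overrides, rather than assuming keycodes 63 and 106. The function names and the sample keymap are constructed for illustration.

```sh
#!/bin/sh
# Added example: derive the NoSymbol overrides from a keymap dump instead of
# hard-coding keycodes 63 and 106, which can differ between keyboards.

# Keysyms bound to the grab-breaking actions discussed in this thread.
GRAB_KEYSYMS='XF86ClearGrab XF86Ungrab'

# Constructed sample of `xmodmap -pke` output, based on the lines posted above.
SAMPLE_KEYMAP='keycode  38 = a A a A
keycode  63 = KP_Multiply XF86ClearGrab KP_Multiply XF86ClearGrab
keycode 106 = KP_Divide XF86Ungrab KP_Divide XF86Ungrab'

# Read `xmodmap -pke` text on stdin. For each keycode carrying a grab keysym,
# print the same mapping with that keysym replaced by NoSymbol.
neutralise_grab_keys() {
    awk -v syms="$GRAB_KEYSYMS" '
        BEGIN { n = split(syms, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
        $1 == "keycode" && $3 == "=" {
            hit = 0
            for (i = 4; i <= NF; i++)
                if ($i in bad) { $i = "NoSymbol"; hit = 1 }
            if (hit) print
        }'
}

# Succeed only if the keymap on stdin has no grab keysym left.
keymap_is_clean() {
    [ -z "$(neutralise_grab_keys)" ]
}

# Live use (assumes a running X session):
#   xmodmap -pke | neutralise_grab_keys >> ~/.Xmodmap && xmodmap ~/.Xmodmap
#   xmodmap -pke | keymap_is_clean || echo "grab keysyms still mapped"
printf '%s\n' "$SAMPLE_KEYMAP" | neutralise_grab_keys
```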
#5  Dutchy  (20th January 2012, 11:27 AM)

Apparently this issue has already been taken care of.
Great response time!
#6  DBelton  (20th January 2012, 02:36 PM)

I was just going to say that the update that fixes this issue came down in my updates last night and is already installed here.

(although this really isn't much of an issue anyway since if someone has physical access to your machine, there are numerous other ways they could gain access other than this anyway)
#7  RupertPupkin  (20th January 2012, 11:18 PM)

Hmm, the xkeyboard-config-2.3-3.fc16 update was installed last night on my system but the security bug persisted after restarting X and even after rebooting. To fix the bug I had to put this in the /etc/X11/xorg.conf.d/10-local.conf file:
Code:
Section "ServerFlags"
        Option "AllowDeactivateGrabs" "false"
        Option "AllowClosedownGrabs" "false"
EndSection
Which files were changed in the xkeyboard-config package? Because whatever it was didn't work for me, using xscreensaver. Only the above xorg.conf change fixed it for me.
#8  DBelton  (21st January 2012, 03:55 AM)

Did it put the changes in an "rpmsave" file instead of overwriting your conf file?
#9  Dutchy  (21st January 2012, 12:16 PM)

The fix seems to work properly for me (no fussing with xorg.conf here at all).
#10  weitjong  (25th February 2012, 07:30 AM)

For crying out loud. I have searched high and low for the answer to why the previously working "feature" in my F16 system has suddenly been broken for the past few days. I am relying on "Ctrl+Alt+/" to ungrab the input devices while within the Eclipse IDE debugging my application that captures the keyboard & mouse. Obviously, I need to ungrab the captured input devices from the app back to the system so Eclipse/Debugger can use them. This combo and also "Ctrl+Alt+*" also save me from rebooting the whole machine when my application crashes midway without releasing the keyboard & mouse back properly.

I could understand why this is a security concern and the need for the fix. What I don't understand is why the developer chose this option to resolve the issue. There are already Xorg ServerFlags options controlling whether these two key combos are active or not. Wouldn't defaulting them to "off" do the trick? And users that need them can simply flip the switch at their own risk?

The current security fix creates yet another XkbOptions called "grab:break_actions". I have tested it in my system. The problem is, now both "Ctrl+Alt+/" and "Ctrl+Alt+*" key combos behave the same. Although it works to ungrab the input devices, both kill/terminate the process that has the input focus. Previously "Ctrl+Alt+/" did not kill the process after ungrabbing. So, it is still not useful for debugging any more.

Just my 2 cents and rant. I know it is hard for developers to keep every user happy.

Last edited by weitjong; 26th February 2012 at 05:11 AM.