[compiz] CVE-2007-3920

Travis Watkins amaranth at ubuntu.com
Tue Nov 6 08:01:49 PST 2007


On 11/6/07, Colin Guthrie <gmane at colin.guthr.ie> wrote:
> Hanno Böck wrote:
> > A bypass for screensaver password dialogs has been found within compiz.
> >
> > What about it?
> > Ubuntu created a patch, gentoo took the same:
> > https://bugs.gentoo.org/show_bug.cgi?id=196878
>
> I'm no expert in these matters, but is hard coding "gnome-screensaver"
> into compiz the "right" solution for this problem? Would KDE's
> screensaver or xscreensaver suffer from similar problems that this fix
> doesn't address?
>
> Perhaps the first hunk of the patch catches these cases? Can you shed a
> little light on it for the benefit of the cranially challenged? ;)
>

Actually the problem is in gnome-screensaver, compiz (really
XCompositeUnredirectWindow) just exposes it. The patch to compiz was
just the quickest solution until someone can make gnome-screensaver
not do bad things.

-- 
Travis Watkins
http://www.realistanew.com

