Month: November 2013

Re: [trinity-devel] Possible security glitch with switching users?

From: "Timothy Pearson" <kb9vqf@...>
Date: Sat, 9 Nov 2013 23:53:30 -0600
> ----- Original Message -----
>> From: Darrell Anderson <darrella@...>
>> To: trinity-devel@...
>> Cc:
>> Sent: Sunday 10 November 2013 9:06
>> Subject: Re: [trinity-devel] Possible security glitch with switching
>> users?
>>> I don't know whether this is a security glitch or PEBKAC.
>>> I was testing the graphical login with TDM:
>>> * I logged in as User 1.
>>> * From the TDE menu I selected Switch User->Start New Session.
>>> * I logged in as User 2.
>>> * I switched to User 1 *without* needing a password.
>>> * I switched to User 2 and needed a password.
>>> * I typed the password, switched to User 1, and needed a password.
>>> I repeated this exercise three times with a system reboot each
>>> time. Each time the first instance of switching did not require a
>>> password.
>>> Further, I was not always asked for a password on subsequent
>>> switching, especially when I used the keyboard toggles of
>>> Ctrl-Alt-F7 and Ctrl-Alt-F8.
>>> SAK is disabled.
>>> I only used Switch User->Start New Session. I did not use Switch
>>> User->Lock Current & Start New Session.
>>> Thoughts?
>> BTW, seems to me there should be no password required when using
>> 'Start New Session' --- that is what the 'Lock Current & Start New
>> Session' option should be for?
>> Darrell
> Darrell, how long did you work in one session before switching to the
> other one? Just wondering if there is some kind of inactivity timer that
> locks a session when not being used for a while. That may explain the
> different behavior you have seen, even though it sounds a little weird to
> say the least.

AFAIK "Start New Session" does not lock the current session, whereas
selecting an existing session will lock the current session. On my systems
there is a second menu entry for "Lock Current & Start New Session" if it
is desired to lock the screen before starting the new session.