Is it safe to lock the screen with the gnome-screensaver?

2

1

USB driver bug exposed as "Linux plug&pwn" or this link

Two choices [GNOME, Fedora 14]:

1 - use the gnome-screensaver
2 - use the "switch user" function [gnome menu -> log out -> switch user]

So the question is: which one is the safer method to lock the screen, if a user leaves the pc?

Is it true, that using the [2] method is safer?

Why do i think this? - The gnome-screensaver is just a "process", it could be killed. But if you use the log out/switch user function, it's "something else". Using the "switch user" function, could there be a problem like with the gnome-screensaver? Could someone "kill a process" and presto...the lock is removed?
Could the GDM [??] "login windows process" [e.g.: a picture of it] get killed and the "lock" gets owned?
Thank you for any opinion!

p.s.: if the [2] method is safer, then how can i put an icon on the GNOME panel, to launch the "switch user" action by 1 click?

LanceBaynes

Posted 2011-03-08T20:38:47.967

Reputation: 3 510

just to make it clear: you want to use a screensaver which locks the keyboard to prevent the usb-driver-bug-exploit? – akira – 2011-03-08T20:55:02.500

Answers

0

The "Switch user" command does only two things:

  1. It flips between two X11 servers, yours and the one GDM is running on;
  2. It commands the screensaver to lock your session.

In other words, it does not add any more protection.

However, if you are using a kernel that is vulnerable to a bug in the USB driver, no screen locker in the world can protect against it. Even if you make a process that is absolutely unkillable and bulletproof, one with ability to execute code in kernelspace can bypass any userspace locks.

Therefore, the right solution is to fix the kernel vulnerability.

Regarding your second link, "GNOME screen lock ineffective in openSUSE Linux", it's from February 2010, and has been fixed in GNOME 2.28.1 as the article itself says.

user1686

Posted 2011-03-08T20:38:47.967

Reputation: 283 655

Asked: 2011-03-08T20:38:47.967

Viewed: 778 times

Active: 2011-03-08T21:24:02.970