F7 T2 Security Leak?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: F7 T2 Security Leak?
From: Michaël Vanderheeren <michael.vanderheeren@xxxxxxxxx>
Date: Sun, 4 Mar 2007 17:53:56 +0100
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:reply-to:from:to:subject:date:mime-version:content-type:x-mailer:thread-index:content-language:message-id; b=KlKvfHu3g9eHEYKWSd4Vh+59RwW6YRWv5UXs+L9/+UjIz0hwzGxjPn6+aQyJo2phMopMGv5RTBCVv90IKdYVF/MYrf4dEXxbVIOxj849SdJqBr34/MK5LgnVtAu86hf8azdEptw8uzhND5b8XYGNcS9/1xYMFqAwqcSwLUQzK0o=
Reply-to: michael.vanderheeren@xxxxxxxxx
Thread-index: AcdefbKQU2yY6VMySAOwv+MrIQrSCw==

I think there's a security leak in F7. I found out the next thing:

Look at this situation:

There are 2 accounts on a computer, call them A and B. Each account has it's own different password.

Person A starts up the computer and logs in. But at a certain point person B wants to use his account for 5 minutes. So he uses the Fast User Switch. As this happens person A's account stays active. But… person B can switch back to person A's account without entering a password! So if person A is gone for a while, person B can steal his documents, delete files, …

Greetings,

Michaël Vanderheeren

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

Follow-Ups:
- Re: F7 T2 Security Leak?
  - From: Rahul Sundaram

Prev by Date: Re: [Fedora-livecd-list] Security LiveCD
Next by Date: Re: F7 T2 Security Leak?
Previous by thread: [Bug 230927] New: CVE-2007-1103: tor information disclosure
Next by thread: Re: F7 T2 Security Leak?
Index(es):
- Date
- Thread

[Home] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Coolkey] [Fedora Tools]