Quick fix for X.org screensaver bypass

This vulnerability is quite annoying if you’re locking your desktop in work or anywhere else.

In short, one is able to kill xorg’s xscreensaver’s lock by just pressing alt-ctrl-* or alt-ctrl-/ (both * and / need to be from the keypad).

A workaround that was posted suggests to modify files in the system. If you don’t want to (like me – for various reasons) then you can do this on-the-fly.

Put the following script in a file and make it run whenever you log in to your X session (e.g. by putting it in ~/.kde/Autostart/ if you’re using KDE):

#!/bin/bash

xkbcomp :0 - > /tmp/xkbcomp
cat /tmp/xkbcomp \
 | sed -n '/key <KPMU> {/,/^ *}/ !p' \
 | sed -n '/key <KPDV> {/,/^ *}/ !p' \
 > /tmp/xkbcomp.new
xkbcomp /tmp/xkbcomp.new :0

On each login, this will get rid of the offending xkb entries.

Leave a Reply

Your email address will not be published. Required fields are marked *