Workaround CVE-2012-0064, password-locked X screen savers can be bypassed

with Ctrl Alt *. This is not the complete fix but mitigates the issue for now. Bug was introduced to OpenBSD in the xserver update on 2011/11/05 (commit 7d2543a3cb3 upstream), so it affects -current since that date, but no OpenBSD releases. ok matthieu@ phessler@ dcoppa@, also tested by schwarze@, jj@ If you want this fix before new snapshots are available, copy the new file to /usr/X11R6/share/X11/xkb/compat/xfree86 and reload the kbmap e.g. setxkbmap $(setxkbmap -query | awk '/layout/ { print $2 }')
author: Stuart Henderson <sthen@cvs.openbsd.org> 2012-01-19 16:18:56 +0000
committer: Stuart Henderson <sthen@cvs.openbsd.org> 2012-01-19 16:18:56 +0000
commit: 697f12bb5d4f69cd9507fd44b850a5f51383a7f0 (patch)
tree: a7abb2df5a49d45e14390b0026b46e9d5f02a0eb /dist
parent: 98125d2304c46978a1964189d1989495ab25aa3e (diff)
1 files changed, 0 insertions, 6 deletions
diff --git a/dist/xkeyboard-config/compat/xfree86 b/dist/xkeyboard-config/compat/xfree86
index cf4a8b22b..caa9dce38 100644
--- a/dist/xkeyboard-config/compat/xfree86
+++ b/dist/xkeyboard-config/compat/xfree86
@@ -41,12 +41,6 @@ default partial xkb_compatibility "basic"  {
         action = SwitchScreen(Screen=12, !SameServer);
     };
 
-    interpret XF86_Ungrab {
-        action = Private(type=0x86, data="Ungrab");
-    };
-    interpret XF86_ClearGrab {
-        action = Private(type=0x86, data="ClsGrb");
-    };
     interpret XF86LogGrabInfo {
         action = Private(type=0x86, data="PrGrbs");
     };
author	Stuart Henderson <sthen@cvs.openbsd.org>	2012-01-19 16:18:56 +0000
committer	Stuart Henderson <sthen@cvs.openbsd.org>	2012-01-19 16:18:56 +0000
commit	697f12bb5d4f69cd9507fd44b850a5f51383a7f0 (patch)
tree	a7abb2df5a49d45e14390b0026b46e9d5f02a0eb /dist
parent	98125d2304c46978a1964189d1989495ab25aa3e (diff)