https://bugzilla.novell.com/show_bug.cgi?id=473697 Summary: failsafe kernel allows access without password Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: x86 OS/Version: openSUSE 11.1 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: draeath@gmail.com QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.5) Gecko/20080528 Epiphany/2.22 Firefox/3.0 Using the failsafe kernel does not put you into single user or no-X mode, but instead puts you right into an X11 session already logged in. Anyone can simply reboot the machine and access your data. I suggest having the failsafe kernel load to runlevel 1 and require a root password to continue. Failing that, kdm needs to respect it's configuration 100% of the time, and not use autologin when my system is configured to require a password. Reproducible: Always Steps to Reproduce: 1. Reboot 2. Choose failsafe kernel Actual Results: failsafe X session with my user logged in Expected Results: Runlevel 1 with root login prompt, or failsafe X session at login prompt. I have the KDE 4.2 factory repositories enabled. This may effect my login prompt (or lack thereof) but should have no bearing on the runlevel used by the failsafe boot option. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.