[Bug 759815] New: gnome 3 slow keys is a denial of service attack
https://bugzilla.novell.com/show_bug.cgi?id=759815 https://bugzilla.novell.com/show_bug.cgi?id=759815#c0 Summary: gnome 3 slow keys is a denial of service attack Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: andi-nbz@firstfloor.org QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:12.0) Gecko/20100101 Firefox/12.0 When you press shift too long on the gnome 3 gdm login screen it goes into "slow keys mode". There's no way to opt out or disable it again. There's no visual indication that this is active. You just cannot type anymore. It makes it nearly impossible to log in, absolutely impossible to switch console or kill the X server, and the only way to recover from it is to reboot, run in run level 3 and delete an undocumented file in /var I only found by grepping. As far as I can tell this is a denial of service attack on any locked or unlogged in system and I would consider it a security issue. In my case i had to switch consoles to login (due to the pam_mount update procedure being ahem less that perfect), so the only way out was actually a power switch. But then after the power switch that slow key DoS was still active. Reproducible: Always Steps to Reproduce: 1. press shift for a long time in gdm 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=759815
https://bugzilla.novell.com/show_bug.cgi?id=759815#c1
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=759815
https://bugzilla.novell.com/show_bug.cgi?id=759815#c2
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=759815
https://bugzilla.novell.com/show_bug.cgi?id=759815#c3
--- Comment #3 from Andi N Kleen
https://bugzilla.novell.com/show_bug.cgi?id=759815
https://bugzilla.novell.com/show_bug.cgi?id=759815#c4
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=759815
https://bugzilla.novell.com/show_bug.cgi?id=759815#c5
Vincent Untz
vincent? did yoyu try this yourself?
Yes. Did you try it before reopening? :-) Here's what I see: a) if I press shift for 8-10 seconds, I get a notificaiton telling me that we're now using slow keys b) if I press the "b" key for 0.5 second, "b" will be typed (yes, that's slow keys) c) if I press shift for 8-10 seconds again, slow keys get disabled and I can type normally. Now, there's one bug which is really not a DoS in any way: the slow keys item in the accessibility icon doesn't correctly reflect the state of this option. I can still click on the option to disable slow keys, though. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=759815
https://bugzilla.novell.com/show_bug.cgi?id=759815#c6
--- Comment #6 from Vincent Untz
participants (1)
-
bugzilla_noreply@novell.com