[Bug 739680] New: Login security proglem
https://bugzilla.novell.com/show_bug.cgi?id=739680 https://bugzilla.novell.com/show_bug.cgi?id=739680#c0 Summary: Login security proglem Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: SuSE Other Status: NEW Severity: Enhancement Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: k.rautavuori@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20100101 Firefox/9.0 When leaving the gnome desktop unused so it goes to the locked state, i am then able to choose 'switch user' and be redirected to the login screen.
From there i am able to select power of or reboot - and all this without ever entering a password anywhere. I would guess that this is not a behaviour that was in the developers mind, and it should be given some consideration on how to better manage the security of these steps.
Reproducible: Always Steps to Reproduce: 1.lock screen 2.select 'switch user' 3.do anything you like with the upper right corner power switch Actual Results: The ability to power down the computer even if someone has programs running behind a locked session, and all this without having to use a password Expected Results: A password should be entered to perform powerdown if there is somebody actually using the computer. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739680
https://bugzilla.novell.com/show_bug.cgi?id=739680#c1
Richard Brown
https://bugzilla.novell.com/show_bug.cgi?id=739680
https://bugzilla.novell.com/show_bug.cgi?id=739680#c2
Atri Bhattacharya
participants (1)
-
bugzilla_noreply@novell.com