* [gentoo-user] lirc / irkick Minor Security Hole?
@ 2009-10-15 9:39 daid kahl
0 siblings, 0 replies; only message in thread
From: daid kahl @ 2009-10-15 9:39 UTC (permalink / raw
To: gentoo-user
Hello,
This is not strictly a Gentoo issue, but since we have a good habit to
report upstream bugs and security issues (and I use Gentoo), I wanted
to run by a possible security hole to others.
When my machine is locked, I can still use an IR remote, running
through lirc and programmed through irkick, as though the machine was
unlocked. What likely security area this falls under is not very
serious, as someone would need to program a remote control to do
strange commands to have any sense of taking control of the machine,
and said user must also be local. But, the IR remote should still be
unresponsive when the machine is locked (similar to hot keys).
I am using KDE 3.5.10, so it's possible this has been resolved in more
recent versions. I assume irkick is to blame, but in principle it
might be related to lirc.
Does anyone have thoughts? Is this worth a security bug report? How
would I determine if it's lirc or irkick, or should I just submit to
Gentoo devs and maybe they would know better?
Regards,
daid
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-10-15 9:39 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-15 9:39 [gentoo-user] lirc / irkick Minor Security Hole? daid kahl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox