Discovered a Linux Security Hole

Problem

The following procedure is not a critical security issue, but you should have this in mind if you powersave your computer the next time.

  1. Start some programs, which will capture alot of RAM. Sometimes it works with less programs😉
  2. powersave -U
  3. Restart you computer and wait until you see a black monitor (Sometimes some characters are on it). Only 2 or 3 seconds later you will see the desktop for only a very short time.
  4. In this time frame (you see the desktop!) you can press ALT+TAB one or more times until the list of window (to choose the application) pops up. Now hold the ATL key and wait until …
  5. You see a black monitor again, but no screesaver will appear. This is the bug! You can release the ALT key, if the black monitor is replaced from your desktop image or so.
  6. Now you can do all things without a password typed in!

I posted this issue to the kde security mailing list, but I got no responds (Maybe it was the wrong addressee or not a big issue…).

This works for me on my suse 10.1 (i586) on all window managers (kde, windowmaker, …).

(2.6.16.21-0.25-default1 kernel, powersave 0.12.20)

Conclusion

If you now think linux is weak in respect to security relevant stuff, I think you are wrong and right at the same time. Because the core linux system of linux (kernel + some apps like shells) are mature and very secure. But if you install a lot open source programs, which can be in alpha or beta status you might get security problems. So the best you can do is update you software or disconnect from internet😉