by LoganDark 18 days ago
IMO if the security of a system depends on the lock screen not crashing then the system is not very secure. Security protocols should never fail open like that; a lock screen should never simply be a layer on top of the authenticated desktop. Windows and macOS get this right. I believe Wayland display managers are also able to get this right (but I haven't checked).

I don't know why X11 didn't just add an extension that a client can enable saying "if this client exits unexpectedly/uncleanly [without disabling the extension], just kill the X11 session".
Yes, Wayland should fix this. Granted, then you have a locked screen that the user may or may not be able to unlock, which is awkward if better.
Wayland the protocol already fixes this -- there's nothing that exactly requires a display manager to not have a completely separate desktop for the unauthenticated state, where a trusted application (or the display manager itself) can accept credentials in order to authorize a transition to the authenticated state, and where a crash of the trusted application or lock screen does not result in access to the authenticated state. I just dunno if anyone does that yet. I'm sure somebody must have...
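A toy model of the two architectures contrasted in this thread, added here as an illustration (it is not code from any commenter or from any real compositor, and the password check stands in for a real PAM/credential mechanism): an OVERLAY locker is just a client drawn over the live session, so losing it fails open, while a SESSION_STATE design keeps the lock bit in the display manager, where a locker crash cannot clear it.

```python
"""Constructed model: overlay lock screen (fails open) vs. session-held lock state (fails closed)."""
from enum import Enum, auto
import hmac


class Design(Enum):
    OVERLAY = auto()        # lock is a window on top of the authenticated desktop
    SESSION_STATE = auto()  # lock is state owned by the compositor/display manager


class Session:
    def __init__(self, design: Design, password: str):
        self.design = design
        self._password = password  # placeholder for a real credential check
        self.locked = False
        self.locker_alive = False

    def lock(self) -> None:
        self.locked = True
        self.locker_alive = True

    def locker_crashes(self) -> None:
        self.locker_alive = False
        if self.design is Design.OVERLAY:
            # The overlay *was* the lock; with it gone, input reaches the desktop.
            self.locked = False
        # SESSION_STATE: the lock bit lives in the session and is untouched.

    def unlock(self, password: str) -> bool:
        """Return True if the desktop is reachable after this attempt."""
        if not self.locked:
            return True
        if self.design is Design.SESSION_STATE and not self.locker_alive:
            # No trusted prompt left to take credentials: stays locked (DoS, not breach).
            return False
        if hmac.compare_digest(password, self._password):
            self.locked = False
        return not self.locked

    def desktop_reachable(self) -> bool:
        return not self.locked


def reachable_after_locker_crash(design: Design) -> bool:
    """Lock, crash the locker, and report whether the authenticated desktop is exposed."""
    s = Session(design, "correct horse")
    s.lock()
    s.locker_crashes()
    return s.desktop_reachable()
```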

> Granted, then you have a locked screen that the user may or may not be able to unlock, which is awkward if better.

The most secure system is one that cannot be accessed, technically. In some cases it's better not to let anybody in than to let an attacker in (technically). Of course, this is frustrating for the user.

> The most secure system is one that cannot be accessed, technically.

No, security includes Confidentiality, Integrity, and Availability; a lockscreen DoS is a problem.

Yes, a DoS is a problem, but it doesn't let an attacker in. Like, if an employee of a company can't get through their lock screen to access a confidential shared server, that is far less bad than an attacker downloading the entire server and leaking it online. But yes, of course, if suddenly no employees could get through their lock screens, that would still be quite bad -- but it only takes one attacker getting in to cause damage.
Depending on the implementation and exactly which component crashed, you may still unlock the session from the console in a different VT.