Vulnerability

kernel (Idle Lock)

Affected

Mac OS 9

Description

Sean Sosik-Hamor found the following. It's possible to set up the Finder so that, if the current user goes idle, the screen will be locked. A simple dialog box is displayed stating that the system has been idle for too long and a password must be entered. You have two options: click OK and enter the password to return to your session, or click OK and click Log Out.

It's possible to seize control of Mac OS under certain conditions by clicking Log Out. Some applications have the "feature" of asking you if you're sure that you want to quit. For example, if connected to a UNIX host using NiftyTelnetSSH, it will ask you if you're sure you want to disconnect when the application quits. Other applications with unsaved data will ask if you want to save changes. Most of these dialog boxes have OK and Cancel, or Yes, No and Cancel, for options.

Hitting Cancel at any of these "are you sure" dialog boxes will stop the logout process and return you to the current session. If any open application asks whether you would like to save changes, hitting its "Cancel" option will abort the logout and the screen lock will no longer be active. You are returned to the user's session, with access to all of the user's files, data, etc.

Solution

It has been filed into our bug database as ID #2404562. It will be assigned to the appropriate engineers. So, the current solution is to close all applications when locking your session so that it is not possible to circumvent the logout process.
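The behaviour described above is a state-machine error: an aborted logout leaves the session unlocked instead of returning to the lock dialog. The Python model below is an added example, not Mac OS 9 code and not part of the original report; the class names, the `keep_lock_on_abort` switch and the sample application list are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum, auto


class State(Enum):
    LOCKED = auto()      # idle-lock dialog is up, session hidden
    UNLOCKED = auto()    # the user's session is accessible
    LOGGED_OUT = auto()  # session ended


@dataclass
class App:
    name: str
    cancels_quit: bool = False  # True: Cancel is clicked in its quit/save dialog


@dataclass
class Session:
    apps: list
    keep_lock_on_abort: bool  # False models the reported behaviour, True the corrected one
    state: State = State.LOCKED

    def unlock(self, password_ok: bool) -> State:
        if self.state is State.LOCKED and password_ok:
            self.state = State.UNLOCKED
        return self.state

    def log_out(self) -> State:
        """Log Out chosen from the idle-lock dialog: each app is asked to quit."""
        if self.state is not State.LOCKED:
            return self.state
        for app in self.apps:
            if app.cancels_quit:
                # Logout aborted. The design question is where the session goes next:
                # back to the lock dialog (safe) or straight to the desktop (the flaw).
                self.state = State.LOCKED if self.keep_lock_on_abort else State.UNLOCKED
                return self.state
        self.state = State.LOGGED_OUT
        return self.state


def outcome(apps, keep_lock_on_abort: bool) -> State:
    """Result of choosing Log Out on a locked session with the given open apps."""
    return Session(list(apps), keep_lock_on_abort).log_out()


# Constructed sample: one open app that prompts on quit, one that does not.
SAMPLE_APPS = [App("NiftyTelnetSSH", cancels_quit=True), App("Finder")]
```

With no prompting application open, both variants end in `LOGGED_OUT`, which is why closing all applications before locking works as the interim workaround.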