I found out about this just yesterday. If a user is logged in on a different terminal, they can kill a locked gnome-screensaver and have free reign of the desktop.
Granted, leaving oneself logged in on multiple tty's is bad practice in itself, but there should be something that prevents the killing of gnome-screensaver.
That being said, how is a security loophole like this only a 'Wishlist' item?
I found out about this just yesterday. If a user is logged in on a different terminal, they can kill a locked gnome-screensaver and have free reign of the desktop.
Granted, leaving oneself logged in on multiple tty's is bad practice in itself, but there should be something that prevents the killing of gnome-screensaver.
That being said, how is a security loophole like this only a 'Wishlist' item?