COMMAND

    vlock & logout

SYSTEMS AFFECTED

    Linux

PROBLEM

    Czako  Krisztian  found  following.   There's  a possible security
    problem using auto idle logout  programs and vt lockers.   Try the
    following:

        get the pid of your shell,
        (sleep 10s ; kill -HUP <pid-of-your-shell) &
        vlock -a

    After vlock -a,  you can't change  the virtual console  on a Linux
    terminal.  But if you log in, start vlock -a, enter your  password
    you can change vt...

    The same happens  when an auto  idle logout program  logs you off.
    The vlock (maybe  lockvt also)   program doesn't terminate  itself
    after a SIGHUP, which  is ok, but after  this, anyone can log  in,
    start vlock -a,  enters his/her password,  and get full  access to
    the console.

SOLUTION

    Possible solutions:

        - don't use vlock/lockvt
        - don't use auto idle logout program
        - as root, never leave your terminal. log off.

    If you want to leave, use screen, detach it and log out.