> Absolutely worst case, the root user could log in remotely, gdb > your screen saver, type "foobar" as the password, and then hack > the authentication function return value to say "yes, that's the > correct password for "jqdkf_at_army.com", and get in without needing > to have xscreensaver accept the root password. Or, even easier, log in remotely as root and simply "killall -9 xscreensaver". I've had to do that a few times myself when I first tried out pam_krb5 and learned the hard way that xscreensaver doesn't like it very much (and my user account has * in the local password field). CraigReceived on Thu Nov 13 2003 - 05:17:48 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:28 UTC