Terry Lambert wrote: >jqdkf_at_army.com wrote: > >>I'm new in FreeBSD. I found that after I lock screen with xscreensaver, >>I can unlock it with the root's password as well as my normal user's >>password. I don't think it is a good thing. Is it a bug? >> > >It is intentional, although you can eliminate it with a recompile >of the xscreensaver code, with the right options set. > Wouldn't this lead to another security hazard, if a user compile his own hacked xscreensaver which captures and stashes the password into a file then runs it and leaves the terminal intentionally, `baiting' root? :o Although I can see the merit of this `feature', I think sysadmins should stay away from using it in general. `su -m thatuser -c "killall xscreensaver"' seems to be far safer. EugeneReceived on Thu Nov 13 2003 - 07:45:05 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:28 UTC