From: "Eugene M. Kim" <ab@astralblue.net>
To: Terry Lambert
cc: current@freebsd.org
Date: Thu, 13 Nov 2003 08:44:44 -0800
Subject: Re: xscreensaver bug?
Message-ID: <3FB3B4FB.1050304@astralblue.net>
In-Reply-To: <3FB3758A.9B52625D@mindspring.com>
References: <20031112091032.GA4425@cactus> <3FB3758A.9B52625D@mindspring.com>

Terry Lambert wrote:
> jqdkf@army.com wrote:
>
>> I'm new to FreeBSD. I found that after I lock the screen with xscreensaver,
>> I can unlock it with root's password as well as my normal user's
>> password. I don't think it is a good thing. Is it a bug?
>>
>
> It is intentional, although you can eliminate it with a recompile
> of the xscreensaver code, with the right options set.
>

Wouldn't this lead to another security hazard, if a user compiles his own hacked xscreensaver which captures and stashes the password into a file, then runs it and leaves the terminal intentionally, `baiting' root? :o

Although I can see the merit of this `feature', I think sysadmins should stay away from using it in general. `su -m thatuser -c "killall xscreensaver"' seems to be far safer.

Eugene
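The admin-side procedure recommended above, worked out as an added example (this script is not part of the thread and is not xscreensaver's own code). It assumes FreeBSD-style `ps -axo user,pid,command` output and that the packaged screen locker lives at `/usr/local/bin/xscreensaver` (the `TRUSTED_XSS` default is an assumption, override it for your install). The sample `ps` text at the bottom is constructed for the examples. The point it adds to the mail: before unlocking, check who owns the locker and which binary it is, and then kill it with the user's uid rather than typing root's password into a program the user controls.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread or from xscreensaver.
# Helper for an admin who must unlock a user's xscreensaver without ever
# entering the root password into it.
# Assumptions: ps(1) prints "user pid command" columns (FreeBSD style) and
# the packaged locker is TRUSTED_XSS (hypothetical default below).

TRUSTED_XSS=${TRUSTED_XSS:-/usr/local/bin/xscreensaver}

# list_xss PS_TEXT: print "user pid path" for every xscreensaver process in
# PS_TEXT, where PS_TEXT is the output of `ps -axo user,pid,command`.
# The header line is skipped because its pid column is not numeric, and
# xscreensaver-command is excluded because its basename differs.
list_xss() {
    printf '%s\n' "$1" | awk '
        $2 ~ /^[0-9]+$/ {
            base = $3; sub(/.*\//, "", base)
            if (base == "xscreensaver") print $1, $2, $3
        }'
}

# user_locker_pids USER PS_TEXT: pids of xscreensaver processes owned by USER.
user_locker_pids() {
    list_xss "$2" | awk -v u="$1" '$1 == u { print $2 }'
}

# untrusted_lockers PS_TEXT: "user pid path" lines whose binary is not the
# packaged one. argv[0] is under the user's control, so a matching path
# proves little, but a mismatch such as ~/hacked/xscreensaver is exactly
# the bait the mail warns about and is reason enough to refuse.
untrusted_lockers() {
    list_xss "$1" | awk -v t="$TRUSTED_XSS" '$3 != t'
}

# unlock_cmd USER: what the admin should run instead of typing the root
# password. su -m keeps root's environment but runs killall with USER's uid,
# so only USER's own processes can be signalled and no secret is exposed.
unlock_cmd() {
    printf 'su -m %s -c "killall xscreensaver"\n' "$1"
}

# unlock USER: refuse if USER's locker is not the packaged binary, refuse if
# USER has no locker running, otherwise kill it as USER.
# Set DRY_RUN=1 to print the command instead of executing it.
unlock() {
    user=$1
    ps_text=$(ps -axo user,pid,command)
    bad=$(untrusted_lockers "$ps_text" | awk -v u="$user" '$1 == u')
    if [ -n "$bad" ]; then
        echo "refusing: $user is running an unpackaged screen locker:" >&2
        echo "$bad" >&2
        return 1
    fi
    if [ -z "$(user_locker_pids "$user" "$ps_text")" ]; then
        echo "no xscreensaver owned by $user" >&2
        return 1
    fi
    cmd=$(unlock_cmd "$user")
    if [ -n "$DRY_RUN" ]; then echo "$cmd"; else eval "$cmd"; fi
}

# Constructed sample of `ps -axo user,pid,command` output (not real data):
# alice runs the packaged locker, bob runs one built under his home directory,
# carol only has the command-line client running.
SAMPLE_PS='USER   PID COMMAND
alice 1234 /usr/local/bin/xscreensaver -no-splash
bob   2345 /home/bob/hacked/xscreensaver -no-splash
carol 3456 /usr/local/bin/xscreensaver-command -lock
root     1 /sbin/init'

# Usage: DRY_RUN=1 sh this_script.sh && unlock alice
```

Against the constructed sample, `user_locker_pids alice` yields 1234, `untrusted_lockers` flags only bob's home-built binary, and carol is reported as having no locker at all. On a live system, `unlock bob` refuses because the binary path is not the packaged one; that is the case where typing root's password at the prompt would hand it to whatever bob compiled.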