Date:      Thu, 13 Nov 2003 08:17:41 -0600
From:      Craig Boston <craig@xfoil.gank.org>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        current@freebsd.org
Subject:   Re: xscreensaver bug?
Message-ID:  <200311130817.41809.craig@xfoil.gank.org>
In-Reply-To: <3FB3758A.9B52625D@mindspring.com>
References:  <20031112091032.GA4425@cactus> <3FB3758A.9B52625D@mindspring.com>

> Absolutely worst case, the root user could log in remotely, gdb
> your screen saver, type "foobar" as the password, and then hack
> the authentication function return value to say "yes, that's the
> correct password for "jqdkf@army.com", and get in without needing
> to have xscreensaver accept the root password.

Or, even easier, log in remotely as root and simply "killall -9 xscreensaver".
I've had to do that a few times myself when I first tried out pam_krb5 and 
learned the hard way that xscreensaver doesn't like it very much (and my user 
account has * in the local password field).

Craig


