[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



David Wragg wrote:
> I would be wary of using account passwords at all, root or
> otherwise. It would be pretty easy for a user to hack the xscreensaver
> source to record the typed password, run the hacked version on a
> machine, then go and find a stressed sysadmin...

This is another reason why having a mandated lax default is bad. Perhaps
the helper binary could require a commandline argument _and_ the
possession of some egid? In that way you could setgid-shadow the real
xlock binary (to activate the support in the helper when its invoked)
but keep the shadow file 400 root.

In general, you bring up a really interesting issue. The whole thing
about trusted path. Mmm, could you get around this with a different kind
of module and a trusted GUI agent + some crypto?

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []