[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: trust [was Re: Open Xlock as root]



On Mon, Dec 13, 1999 at 06:35:53PM +0100, Pavel Kankovsky wrote:
> On Sat, 11 Dec 1999, Savochkin Andrey Vladimirovich wrote:
> > The real thing which can be easily done today is to teach users to use
> > `vlock -a' rather than xlock.  I've never used xlock since once I saw an
> > unlocked terminal with a nice message about segmentation fault in xlock when
> > I came from lunch.
> 
> What makes vlock resistant to the attack I described (reminder: use a big
> hammer to terminate the locked session and run your own "bugged" version
> pretending to be the old one)?

Ok, ok.  Nothing makes it resistant (at least I don't know how to do it).

However you should admit that `vlock' with extra privileges to verify root's
password (directly or being able to talk with a helper binary) is much more
pleasant than `xlock' :-)

Best wishes
		Andrey



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []