Eugene M. Kim
ab at astralblue.net
Thu Nov 13 08:45:05 PST 2003
Terry Lambert wrote:
>jqdkf at army.com wrote:
>>I'm new in FreeBSD. I found that after I lock screen with xscreensaver,
>>I can unlock it with the root's password as well as my normal user's
>>password. I don't think it is a good thing. Is it a bug?
>It is intentional, although you can eliminate it with a recompile
>of the xscreensaver code, with the right options set.
Wouldn't this lead to another security hazard, if a user compile his own
hacked xscreensaver which captures and stashes the password into a file
then runs it and leaves the terminal intentionally, `baiting' root? :o
Although I can see the merit of this `feature', I think sysadmins should
stay away from using it in general. `su -m thatuser -c "killall
xscreensaver"' seems to be far safer.
More information about the freebsd-current