xscreensaver bug?

Eugene M. Kim ab at astralblue.net
Thu Nov 13 08:45:05 PST 2003

Terry Lambert wrote:

>jqdkf at army.com wrote:
>>I'm new in FreeBSD. I found that after I lock screen with xscreensaver,
>>I can unlock it with the root's password as well as my normal user's
>>password. I don't think it is a good thing. Is it a bug?
>It is intentional, although you can eliminate it with a recompile
>of the xscreensaver code, with the right options set.

Wouldn't this lead to another security hazard, if a user compile his own 
hacked xscreensaver which captures and stashes the password into a file 
then runs it and leaves the terminal intentionally, `baiting' root? :o

Although I can see the merit of this `feature', I think sysadmins should 
stay away from using it in general.  `su -m thatuser -c "killall 
xscreensaver"' seems to be far safer.


More information about the freebsd-current mailing list