> Let me (at least partially) object: making the occasional
> screen lock program fail, is a security problem, too. What do
> xlock{,more} do? lock?  (That are the in-tree programs that
> come into my mind). They, at least, should be able to deal with
> this.

Install lock program suid-root, and this particular problem is
gone.  It just might invite a few new ones, but hey! ;-)

Isn't this the solution one has to resort to in NetBSD in a
non-NIS environment anyway to get access to the master password
file?  The code path to snarf the crypted strings out of the NIS
map or the master password and then relinquishing the root privs
should not be that difficult to inspect for security problems
caused by making the program suid-root?


- H=E5vard