by mail.netbsd.org with SMTP; 13 Jul 2000 11:17:24 -0000
	by munnari.OZ.AU with SMTP (5.83--+1.3.1+0.59) id LA14101;
	Thu, 13 Jul 2000 21:15:08 +1000 (from kre@munnari.OZ.AU)
From: Robert Elz <kre@munnari.OZ.AU>
To: tron@zhadum.de (Matthias Scheler)
Cc: tech-security@netbsd.org
Subject: Re: group for access to the password database 
In-Reply-To: Your message of "11 Jul 2000 16:39:33 GMT."
             <8kfik5$4q1$1@colwyn.zhadum.de> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 13 Jul 2000 21:15:04 +1000
Message-Id: <12617.963486904@mundamutti.cs.mu.OZ.AU>

    Date:        11 Jul 2000 16:39:33 GMT
    From:        tron@zhadum.de (Matthias Scheler)
    Message-ID:  <8kfik5$4q1$1@colwyn.zhadum.de>

  | This might not be enough. "xlock" allows the removal of the screen lock
  | with the "root" password regardless which user is logged in.

That feature is about the biggest "build me a trojan, please" that I think
I've ever seen.

Only a moron would type a root passwd at what looks like an xlock screen.

If you know the root passwd, login elsewhere, su, and kill the xlock that
way, it is orders of magnitude safer.

Breaking xlock's ability to use the root passwd as an "I don't know who
started this process, or what it really is, but I'm going to tell the
root passwd anyway" has to be a feature, not something to worry about.

kre