Subject: Re: "BSD Authentication"
To: UNIX hacker and security officer <greywolf@starwolf.starwolf.com>
From: Todd Vierling <tv@pobox.com>
List: current-users
Date: 11/23/1998 18:36:56

On Mon, 23 Nov 1998, UNIX hacker and security officer wrote:

: 2)  You should be able to unlock a screensaver with the root password!

: 3)  Currently, xlock needs to be setuid root because it can't get passwords
: 	otherwise.
: 
: It seems to this country wolf that something by which password authentication
: can be done securely without compromising the integrity of the rest of the
: system

I definitely consider getting root's crypted password compromising the
integrity of the system.  _No_ process without root privileges should be
able to get that.  A BSD-Auth external program doesn't count; how does it
verify securely that the process requesting root's pw should be allowed to
get it?

-- 
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)