Subject: Re: pseudo-shadowing of passwords with ypserv?
To: None <tech-net@netbsd.org>
From: Michael C. Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 10/06/1998 21:53:20
>>>>> "Havard" == Havard Eidnes <Havard.Eidnes@runit.sintef.no> writes:
>> Let me (at least partially) object: making the occasional screen lock
>> program fail, is a security problem, too. What do xlock{,more} do?
>> lock? (Those are the in-tree programs that come into my mind). They,
>> at least, should be able to deal with this.
Havard> Install lock program suid-root, and this particular problem is
Havard> gone. It just might invite a few new ones, but hey! ;-)
Havard> Isn't this the solution one has to resort to in NetBSD in a
Havard> non-NIS environment anyway to get access to the master password
Havard> file? The code path to snarf the crypted strings out of the NIS
Havard> map or the master password and then relinquishing the root privs
Havard> should not be that difficult to inspect for security problems
Havard> caused by making the program suid-root?
This should be a standard program that we have: /bin/checkpass or
something. It can do the appropriate sleep if fail, etc. I'd run it
in a loop:

    for i in 0 1 2 3 4 5 6 7 8 9
    do checkpass
    done

After changing password so that I'd be sure that I'd put it in my brain
correctly.
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
Corporate: http://www.sandelman.ottawa.on.ca/SSW/
ON HUMILITY: To err is human, to moo bovine.
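
The checkpass idea above as an added example, not part of the original message and not NetBSD code: the three steps a setuid-root helper would perform, in the order Havard describes (read the crypted string while privileged, relinquish root, then compare and sleep on failure). The names fetch_hash, drop_privs and verdict are hypothetical, and the caller is assumed to produce `computed` by calling crypt(3) on the typed password with the stored string as the setting.

```c
/* Added example: building blocks for a hypothetical setuid-root checkpass. */
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1, still privileged: copy the invoking user's crypted string.
 * On a shadowed system the real string is only returned to root. */
int fetch_hash(char *out, size_t outlen)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || pw->pw_passwd == NULL || strlen(pw->pw_passwd) >= outlen)
        return -1;
    strcpy(out, pw->pw_passwd);
    return 0;
}

/* Step 2: relinquish root permanently, before any user input is read. */
int drop_privs(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)   /* group first, then user */
        return -1;
    if (ruid != 0 && setuid(0) == 0)              /* root must not come back */
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Step 3, unprivileged: compare crypt(3) output with the stored string.
 * Returns 1 on match, 0 otherwise, sleeping fail_delay seconds on failure. */
int verdict(const char *computed, const char *stored, unsigned fail_delay)
{
    size_t n = strlen(stored), i;
    unsigned char diff = 0;
    if (computed == NULL || n == 0 || strlen(computed) != n) {
        diff = 1;   /* fail closed: crypt error, empty field, length mismatch */
    } else {
        for (i = 0; i < n; i++)   /* no early exit on the first differing byte */
            diff |= (unsigned char)(computed[i] ^ stored[i]);
    }
    if (diff)
        sleep(fail_delay);
    return diff == 0;
}
```

A main() would call fetch_hash, then drop_privs, then read the password and hand crypt(typed, stored) to verdict; returning a non-zero exit status on failure lets a shell loop stop at the first mistyped attempt.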