[EMAIL PROTECTED] wrote:
I'm new in FreeBSD. I found that after I lock screen with xscreensaver, I can unlock it with the root's password as well as my normal user's password. I don't think it is a good thing. Is it a bug?
It is intentional, although you can eliminate it with a recompile of the xscreensaver code, with the right options set.
Wouldn't this lead to another security hazard, if a user compile his own hacked xscreensaver which captures and stashes the password into a file then runs it and leaves the terminal intentionally, `baiting' root? :o
Although I can see the merit of this `feature', I think sysadmins should stay away from using it in general. `su -m thatuser -c "killall xscreensaver"' seems to be far safer.
Eugene
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
