Craig Boston wrote: > > Absolutely worst case, the root user could log in remotely, gdb > > your screen saver, type "foobar" as the password, and then hack > > the authentication function return value to say "yes, that's the > > correct password for "[EMAIL PROTECTED]", and get in without needing > > to have xscreensaver accept the root password. > > Or, even easier, log in remotely as root and simply "killall -9 xscreensaver". > I've had to do that a few times myself when I first tried out pam_krb5 and > learned the hard way that xscreensaver doesn't like it very much (and my user > account has * in the local password field).
I've seen a kill of xscreensaver using a nontrappable signal leave the focus permanently hosed (until the X server is restarted); not very useful, if you want to poke around in the active session. -- Terry _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"