I'm running RH9 with Gnome.
I found a security breach in GDM:
in the login screen, choose failsafe session.
login with your username
activate one of the system configuration application (like redhat-config-users).
I would expect to enter the root password for that, but it never happened. A regular user can change the users on the machine without knowing the root password.
I tried to repeat this scenario, but this time I was asked for the root password. (I tried this more than once.)
Has anyone encountered this before?
David.
_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
