Re: xscreensaver bug?

2003-11-15 Thread Terry Lambert
Eugene M. Kim wrote: Validating a root password is possible with other means in many cases, if not always. OpenSSH sshd is a good example. Even with PermitRootLogin set to no, the attacker can differentiate whether the password has been accepted or not. That's because the software in

Re: xscreensaver bug?

2003-11-14 Thread Terry Lambert
Craig Boston wrote: Absolutely worst case, the root user could log in remotely, gdb your screen saver, type foobar as the password, and then hack the authentication function return value to say yes, that's the correct password for [EMAIL PROTECTED], and get in without needing to have

Re: xscreensaver bug?

2003-11-14 Thread Terry Lambert
Eugene M. Kim wrote: Terry Lambert wrote: I'm new in FreeBSD. I found that after I lock screen with xscreensaver, I can unlock it with the root's password as well as my normal user's password. I don't think it is a good thing. Is it a bug? It is intentional, although you can eliminate it

Re: xscreensaver bug?

2003-11-14 Thread Eugene M. Kim
Terry Lambert wrote: Eugene M. Kim wrote: Terry Lambert wrote: I'm new in FreeBSD. I found that after I lock screen with xscreensaver, I can unlock it with the root's password as well as my normal user's password. I don't think it is a good thing. Is it a bug? It is intentional, although you

Re: xscreensaver bug?

2003-11-13 Thread Terry Lambert
[EMAIL PROTECTED] wrote: I'm new in FreeBSD. I found that after I lock screen with xscreensaver, I can unlock it with the root's password as well as my normal user's password. I don't think it is a good thing. Is it a bug? It is intentional, although you can eliminate it with a recompile of

Re: xscreensaver bug?

2003-11-13 Thread Craig Boston
Absolutely worst case, the root user could log in remotely, gdb your screen saver, type foobar as the password, and then hack the authentication function return value to say yes, that's the correct password for [EMAIL PROTECTED], and get in without needing to have xscreensaver accept the root

Re: xscreensaver bug?

2003-11-13 Thread Eugene M. Kim
Terry Lambert wrote: [EMAIL PROTECTED] wrote: I'm new in FreeBSD. I found that after I lock screen with xscreensaver, I can unlock it with the root's password as well as my normal user's password. I don't think it is a good thing. Is it a bug? It is intentional, although you can eliminate it

xscreensaver bug?

2003-11-12 Thread jqdkf
Hi, I'm new in FreeBSD. I found that after I lock screen with xscreensaver, I can unlock it with the root's password as well as my normal user's password. I don't think it is a good thing. Is it a bug? Regards, -- Zeng Nan Simple is Beautiful.

Re: xscreensaver bug?

2003-11-12 Thread Morten Rodal
[EMAIL PROTECTED] wrote: Hi, I'm new in FreeBSD. I found that after I lock screen with xscreensaver, I can unlock it with the root's password as well as my normal user's password. I don't think it is a good thing. Is it a bug? It is not a bug, but rather a feature of xscreensaver. It has (to the