Before I couldn't log back into KDE after locking the screen or even change my password using passwd. kcheckpass would fail. I did not run harden_suse (it doesn't even work in SuSE 8.1), but what I did is use permissions.paranoid in /etc.

The way I fixed this was to add read permission to /etc/shadow:

chmod 644 /etc/shadow

...anybody care to comment on the security issues related to this?

On Monday 18 November 2002 11:06, Ahbaid Gaffoor wrote:
Sorry, didn't send this to the list
yes, you are correct and KDE gives a nice warning when you set the suid bit...
so it has to be 0755
I actually am having problems with kcheckpass now, it's telling me that perfectly valid passwords are invalid...
Anders Johansson wrote:
On Monday 18 November 2002 16.33, Peter Nixon wrote:
Did you run harden_suse or something similar? /opt/kde3/bin/kdesktop_lock should have permission 4755 just like su to be able to unlock the screen..
That sounds like a security risk to me. Doesn't kdesktop_lock run the screensaver? All a user would have to do is to install his own screensaver, properly made of course :), and he'd be root.
/opt/kde3/bin/kcheckpass on the other hand should be suid
--
Karol Pietrzak
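
Added example (not part of the original thread): a POSIX shell check of the three modes discussed above. A world-readable /etc/shadow lets every local account copy the password hashes for offline guessing, so the check flags 644; the policy for kcheckpass and kdesktop_lock follows the thread's own statements, and the function names and the --audit switch are hypothetical.

```shell
#!/bin/sh
# Added example: mode audit for the files named in the thread.
# mode_findings NAME OCTAL_MODE
#   Prints one finding per line and returns 1 if the mode breaks the policy.
mode_findings() {
    name=$1
    m=$(( 0$2 ))          # leading 0 makes the shell parse the mode as octal
    rc=0
    case $name in
        shadow)
            # Password hashes must not be readable by "other".
            if [ $(( m & 0004 )) -ne 0 ]; then
                echo "shadow: world-readable, hashes exposed to every local user"; rc=1
            fi
            if [ $(( m & 0022 )) -ne 0 ]; then
                echo "shadow: writable by group or other"; rc=1
            fi
            ;;
        kcheckpass)
            # Thread: kcheckpass should be suid. Assumption: setgid to a group
            # that may read shadow is accepted as equivalent.
            if [ $(( m & 06000 )) -eq 0 ]; then
                echo "kcheckpass: no setuid/setgid bit, cannot read shadow"; rc=1
            fi
            ;;
        kdesktop_lock)
            # Thread: the locker runs the screensaver, so it stays 0755.
            if [ $(( m & 04000 )) -ne 0 ]; then
                echo "kdesktop_lock: setuid bit set"; rc=1
            fi
            ;;
    esac
    return $rc
}

# audit_file NAME PATH: apply the policy to a real file (GNU stat assumed).
audit_file() {
    [ -e "$2" ] || { echo "$1: $2 not present"; return 0; }
    mode_findings "$1" "$(stat -c %a "$2")"
}

# Paths are the ones quoted in the thread.
if [ "${1:-}" = "--audit" ]; then
    audit_file shadow /etc/shadow
    audit_file kcheckpass /opt/kde3/bin/kcheckpass
    audit_file kdesktop_lock /opt/kde3/bin/kdesktop_lock
fi
```

Run with --audit on the affected machine; no output means all three modes match the policy.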