https://bugzilla.novell.com/show_bug.cgi?id=229336

------- Comment #4 from mhopf@novell.com 2007-01-02 09:54 MST -------
(In reply to comment #3)
> About security, you must have a really bad admin (which teaches you) to enter the root password into everything that looks like a screensaver (prompt).

You're not really thinking before making these accusations?!? With almost 10 years of security experience (5+ years as admin, building up a completely new infrastructure at the University for my Professor and only a single break-in due to a *very* bad password and wrong access rights of a different user, who subsequently typed in the root password) I think I know a bit about this topic. Still learning, of course. Don't tell me this type of user shouldn't have the root pwd, I know that myself (it's never the admin who makes the policy...).

By prohibiting killing the screensaver with the root password you gain nothing. Nada. Zero. I already typed it in, so if this was the screensaver of a bad guy it would have been captured anyway.

But this is about a completely different issue. It's just much more convenient to kill the screensaver with the root password if the PAM module cannot authenticate you any more (network doesn't work any longer after suspend, so NIS doesn't know you any longer). I'm talking about my personal workstation and laptops, where I started the locking program myself. It's also much more convenient to be able to remove the screen saver without logging into another computer (here where everybody knows the root password) if you absolutely need to access a computer. Hell, you would log into the computer with the root password anyway.

It's a different issue in an environment with untrusted users, of course. There you should never type in the root password in an unsafe environment, but under Linux we almost by definition don't have something like that. Windows has Ctrl-Alt-Del for that (which is captured by the kernel), but Linux doesn't have an equivalent. So anybody could fake the login screen and capture the root password. This is no different to a "personalized" screen locker.

By the way - the proposed behavior (being able to kill with root pwd) is also the default behavior of both xlock and xscreensaver...