Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: vlock vulnerability in RedHat 7.0
From: Jon Lewis <jlewis () LEWIS ORG>
Date: Wed, 8 Nov 2000 09:53:24 -0500

On Tue, 7 Nov 2000, Bartlomiej Grzybicki wrote:

I've tried to lock all virtual consoles
in RedHat 7.0 using vlock, which
is delivered with this release of RedHat.

If user root locks all consoles - it's no problem,
but if normal user locks consoles then
anybody can unlock without typing a password.

As long as someone is looking at the code for vlock, here's another bug.
When you use vlock to lock a VC, it prompts you for your password to
unlock. i.e.

This TTY is now locked.
Please enter the password to unlock.
jlewis's Password:

If you hit enter, it prompts you for the root password to unlock.

This TTY is now locked.
Please enter the password to unlock.
jlewis's Password: [pressed enter]
root's Password:

Contrary to the prompt and the man page, the root password will not unlock
this VC.  The user's password, entered at either of the (jlewis|root)'s
Password: prompts will unlock the VC.  I've tested this on Red Hat 6.2 and
7.0.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]