mailing list archives
Re: vlock vulnerability in RedHat 7.0
From: Luca Berra <bluca () comedia it>
Date: Wed, 8 Nov 2000 21:46:14 +0100
On Wed, Nov 08, 2000 at 09:53:24AM -0500, Jon Lewis wrote:
Contrary to the prompt and the man page, the root password will not unlock
this VC. The user's password, entered at either of the (jlewis|root)'s
Password: prompts will unlock the VC. I've tested this on Red Hat 6.2 and
It's a feature!
This is due to PAM, all this type of programs (xlock is another)
are not setuid, the pam libraries invoke a suid helper /sbin/pwdb_chkpwd
that checks the password only for the user that is invoking it.
so no more root unlocking display.
(this is not an issue if root can remotely login to the machine and
kill the lock process)
Luca Berra -- bluca () comedia it
Communication Media & Services S.r.l.