List: kde-devel
Subject: Re: seteuid() in kscreensaver
From: "Rik Hemsley" <rikkus () postmaster ! co ! uk>
Date: 1999-03-10 0:52:23
> Oh, are there security experts around?
> Perhaps you know, kcheckpass is writing to the system log, in
> case of an authentication failure (wrong password).
> What do you think about not writing to the log, if the
> password is the empty string. I had admin reports telling
> me the system logs fill up with such messages originating
> from users trying to switch off their (or others') "screen
> saver" by pressing "Return".
> I don't see a possible exploit out of this - anybody else?

Finally a thread I understand - all this coding guff is massacring my grey
cells ;)

I have certainly never heard of anyone trying to break things by entering a
blank password. It just wouldn't work anyway.

I would say that I consider a login attempt that didn't supply a password to
not actually be a login event. I think some systems ignore this anyway as on
certain terminals you naturally press enter a couple of times when you sit
down to make sure it's listening to you.

So: It's not a failed login, it's not counted as a login at all IMO.

Cheers,
Rik