[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Security hole (or feature ;) in KDE Screensavers
From:       Rob Kaper <cap () capsi ! cx>
Date:       1999-10-16 18:31:54
[Download RAW message or body]

On Sat, Oct 16, 1999 at 09:40:25PM +0200, Markus Goetz wrote:
> But this is really NO PROTECTION ... if i do a startx from tty1, my X11 is on
> tty7 .. The one who wants acess to my account when i am away from my desktop
> does just have to press CTRL+ALT+F1, then he gets to the X11 Output where i
> used startx to start X11... so now he just has to press CTRL+C to kill X11 and
> has acess to my account and may type rm -rf $HOME ...
> 
> So why the hell is there a password protection in the kde screen savers if it
> is useless ???

It is not.

I have 'startx' aliased as 'exec startx', which means my shell is being
replaced with the startx command/program and as soon as X terminates I will
be logged out.

Also, not everyone enters KDE/X throught startx. Many users log in via
xdm/kdm from a special runlevel, or connect from a X-terminal (the actual
account etc would be located on a completely different computer).

Why the hell is there password protection in Linux when it's useless? Anyone
with a bootdisk or two can mount the original harddrive, use a passwd tool
on /mnt/etc/passwd and change the root password.

Rob
-- 
Rob Kaper | mail: cap@capsi.com + cap@capsi.cx
          | web: http://capsi.com/ + http://capsi.cx/
          | "With a bushel of apples, you can have a hell of a time with the
          | doctor's wife."

[prev in list] [next in list] [prev in thread] [next in thread]