[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam and kerberos + xlock on Debian

On Fri, Nov 16, 2001 at 12:04:54PM -0500, Sam Hartman wrote:
> Is that really a bad solution?  xlock is designed to be able to be
> setuid.  It's not ideal, but I wouldn't call it bad.

Yes, it's bad. xlock has a history of security problems when setuid,
which is why the debian configuration tries very hard to avoid doing so.
Are there any known problems with suid in the woody/sid version of
xlock? No--but I wouldn't rely on that.

Mike Stone

Attachment: pgpR3w7MCC5xa.pgp
Description: PGP signature

Reply to: