On Fri, Nov 16, 2001 at 12:04:54PM -0500, Sam Hartman wrote: > Is that really a bad solution? xlock is designed to be able to be > setuid. It's not ideal, but I wouldn't call it bad. Yes, it's bad. xlock has a history of security problems when setuid, which is why the debian configuration tries very hard to avoid doing so. Are there any known problems with suid in the woody/sid version of xlock? No--but I wouldn't rely on that. -- Mike Stone
Attachment:
pgpR3w7MCC5xa.pgp
Description: PGP signature