Re: pam and kerberos + xlock on Debian

To: debian-devel@lists.debian.org
Subject: Re: pam and kerberos + xlock on Debian
From: Michael Stone <mstone@debian.org>
Date: Fri, 16 Nov 2001 23:15:43 -0500
Message-id: <[🔎] 20011116231543.S498@justice.loyola.edu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] tsl7ksqpryh.fsf@loggerhead.mekinok.com>; from hartmans@debian.org on Fri, Nov 16, 2001 at 12:04:54PM -0500
References: <[🔎] 20011116111519.A23417@aurora.fi.muni.cz> <[🔎] tslbsi2pz8a.fsf@loggerhead.mekinok.com> <[🔎] 20011116175529.A3915@aurora.fi.muni.cz> <[🔎] tsl7ksqpryh.fsf@loggerhead.mekinok.com>

On Fri, Nov 16, 2001 at 12:04:54PM -0500, Sam Hartman wrote:
> Is that really a bad solution?  xlock is designed to be able to be
> setuid.  It's not ideal, but I wouldn't call it bad.

Yes, it's bad. xlock has a history of security problems when setuid,
which is why the debian configuration tries very hard to avoid doing so.
Are there any known problems with suid in the woody/sid version of
xlock? No--but I wouldn't rely on that.

-- 
Mike Stone

Attachment: pgpR3w7MCC5xa.pgp
Description: PGP signature

Reply to:

References:
- pam and kerberos + xlock on Debian
  - From: Martin Povolny <xpovolny@aurora.fi.muni.cz>
- Re: pam and kerberos + xlock on Debian
  - From: Sam Hartman <hartmans@debian.org>
- Re: pam and kerberos + xlock on Debian
  - From: Martin Povolny <xpovolny@aurora.fi.muni.cz>
- Re: pam and kerberos + xlock on Debian
  - From: Sam Hartman <hartmans@debian.org>

Prev by Date: Re: Processed: severity
Next by Date: Re: Processed: severity
Previous by thread: Re: pam and kerberos + xlock on Debian
Next by thread: Re: pam and kerberos + xlock on Debian
Index(es):
- Date
- Thread