[2519] in SIPB bug reports
xscreensaver
daemon@ATHENA.MIT.EDU (kkkken@Athena.MIT.EDU)
Wed Feb 26 18:47:43 1992
From: kkkken@Athena.MIT.EDU
Date: Wed, 26 Feb 92 18:47:24 -0500
To: honor@Athena.MIT.EDU
Cc: bug-sipb@Athena.MIT.EDU
In-Reply-To: In reply to <9202262307.AA16679@W20-575-29.MIT.EDU>
I understand that workstations are highly in demand, and people do
nasty things to try to keep "possession" of them against the terms of
the Athena rules of use. However, in identifying xscreensaver as the
problem, I think you're completely wrong, for many reasons. These
arguments have been tossed around before; maybe someone should write a
file so we can mail it to whomever asks about this next. I present
my view of a summary of this issue...
>> ... it's extremely easy to hack the elapsed time
>> displayed by xscreensaver so that it never registers > 20 minutes.
>> Fingering at the workstation isn't always valid (nor possible, if you
>> can't borrown somebody's xterm for a few moments), because the utmp
>> file can also be hacked.
No matter what we do to xscreensaver (beyond deleting it), people can
abuse it. People can grab the sources and build their own version,
getting rid of any hard-and-fast time limit (or other modification) we
might put in. There is nothing we or anyone can do about people
hacking utmp. There is nothing we can do about people getting rid of
or faking the elapsed time display. There is fundamentally no way to
make it "unabusable." This is not meant to be a hard-and-fast
argument over making simple improvements, but I don't think we should
get ourselves into the kind of cat-and-mouse game that, say, copy
protection people have.
>> A user who reboots an "illegally saved workstation" shouldn't have
>> to deal with the user who was originally logged on there, but
>> sometimes they are forced to. The original users often are angry, and
>> they don't care about the policies (if they did, they wouldn't have
>> abused xscreensaver in the first place).
Even if it were unabusable, or if we deleted it (and no one else wrote
their own; they're not hard to write), you'll still have to deal with
people coming back to bother you. I have found workstations sitting
unlocked, with a piece of paper saying to leave it alone. I log them
out and have to deal with them. Living with other people is part of
life. There is fundamentally no way to avoid dealing with other
people.
>> A user shouldn't have to wait for the workstation to reboot.
>> RS6000's and vaxstation 2000's take forever to reboot. Additionally,
>> many users don't know how to reboot workstations, and it's not their
>> responsibility to know how.
In my opinion, this is a minor point. I think it would be an advantage
to have there be some way of asking xscreensaver to blow all the other
person's processes and authentication information away (i.e., log him
out the hard way.) Perhaps someone will feel motivated to add this to
xscreensaver. But the truth is, rebooting doesn't really take that
long. And you can watch all that cryptic start-up stuff --- see how
many daemons you can identify!
Sorry I can't be of more help.
Kenneth J. Duda
MIT Network Services
Member, Student Information Processing Board
<kkkken@mit.edu>
