[12397] in bugtraq
Re: AW: Mac OS 9 Idle Lock Bug
daemon@ATHENA.MIT.EDU (Greg Francis)
Mon Nov 1 23:45:06 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.HPX.4.02.9911011316210.26818-100000@barney.gonzaga.edu>
Date: Mon, 1 Nov 1999 13:26:18 -0800
Reply-To: Greg Francis <francis@GONZAGA.EDU>
From: Greg Francis <francis@GONZAGA.EDU>
X-To: Mike Eldridge <diz@CAFES.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.9911011325260.3563-100000@mail.cafes.net>
On Mon, 1 Nov 1999, Mike Eldridge wrote:
> So, the current solution is to close all applications when locking your
> session so that it is not possible to circumvent the logout process.
If you save all documents before locking the computer, that should work
also. Most apps will quit without a dialog box even with documents open if
the document has not had any changes made to it since it was last saved.
> I'm sure Apple will have a fix ready for this as soon as humanly possible
> since they are touting the security benefits of MacOS 9. In my opinion,
> the option to logout should be removed altogether, as you should have to
> supply the password to logout anyway.
Apple may be touting security benefits but they are also very concerned
about their HIG (Human Interface Guidelines). Having no option to logout
without a password would be problamatic if the person that knows the
password has left. Wonder if they could send the 'quit' AppleEvent, let
the applications that can quit, quit, and then post a warning that
documents may be lost for the "following applications" which are the ones
that are still open. It will take some thought on the part of Apple to
solve this.
> I find closing confirmations extremely useful, as anyone could
> accidentally close a document they are working on. But yes, to close an
> application without asking, there would have to be another event or you
> would have to have the OS simply kill the process and forget cleanly
> exiting the application.
Perhaps sending the 'quit' event first and then killing those that don't
quit in a certain period of time.
Greg
Greg Francis Gonzaga University
Unix System Administrator Spokane Washington
francis@gonzaga.edu 509-323-6896
