[17566] in bugtraq
Re: vlock vulnerability in RedHat 7.0
daemon@ATHENA.MIT.EDU (Luca Berra)
Thu Nov 9 02:02:39 2000
Mail-Followup-To: Luca Berra <bluca@comedia.it>, BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20001108214614.D13055@colombina.comedia.it>
Date: Wed, 8 Nov 2000 21:46:14 +0100
Reply-To: bluca@comedia.it
From: Luca Berra <bluca@COMEDIA.IT>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10011080948270.1443-100000@redhat1.mmaero.com>;
from jlewis@LEWIS.ORG on Wed, Nov 08, 2000 at 09:53:24AM -0500
On Wed, Nov 08, 2000 at 09:53:24AM -0500, Jon Lewis wrote:
> Contrary to the prompt and the man page, the root password will not unlock
> this VC. The user's password, entered at either of the (jlewis|root)'s
> Password: prompts will unlock the VC. I've tested this on Red Hat 6.2 and
> 7.0.
It's a feature!
This is due to PAM, all this type of programs (xlock is another)
are not setuid, the pam libraries invoke a suid helper /sbin/pwdb_chkpwd
that checks the password only for the user that is invoking it.
so no more root unlocking display.
(this is not an issue if root can remotely login to the machine and
kill the lock process)
Regards,
Luca.
--
Luca Berra -- bluca@comedia.it
Communication Media & Services S.r.l.