Date: Wed, 18 Nov 1998 07:52:13 +1100 From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au> To: security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <98Nov18.075152est.40335@border.alcanet.com.au>
next in thread | raw e-mail | index | archive | help
Andre Albsmeier <andre.albsmeier@mchp.siemens.de> wrote:
>I just was alarmed by xlockmore that a program runs setuid root all the time
>only to check the password the user enters.
In the case of xlockmore (and similar programs), the logical approach
would seem to be to split the functionality into two processes: the
parent process remains privileged(*), but all it would do is seize the
keyboard/mouse, blank the screen and spawn children to actually display
the pretty patterns. The children don't need to be priviledged, and if
one crashes, the parent can just start another.
An alternative approach would be to have the entire saver run non-
privileged and call a privileged program to check the password.
Securely writing the password checking program (so it couldn't be
used for password cracking) is non-trivial.
> And, regardless whether xlockmore
>has known bugs or not,
xlockmore-4.10 definitely does have bugs - several of the standard saver
modes will die with SIGFPE (suddenly unlocking your screen).
(*) Currently, this means setuid root, but all it needs is sufficient
privileges to validate a password.
Peter
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?98Nov18.075152est.40335>