Bugtraq mailing list archives
Re: Annoying Solaris/CDE/NIS+ bug
From: jhorwitz () UMICH EDU (Jeff Horwitz)
Date: Tue, 13 Oct 1998 13:59:58 -0400
fyi, you can redefine CDE's LockDisplay action so it runs /usr/openwin/bin/xlock instead of the broken CDE screenlock. just put the following action into the file /etc/dt/appconfig/types/C/Xlock.dt and restart your workspace manager.

    ACTION LockDisplay
    {
        LABEL         LockDisplay
        TYPE          COMMAND
        EXEC_STRING   /usr/X11R5/bin/xlock
        WINDOW_TYPE   NO_STDIO
        DESCRIPTION   The LockDisplay action locks the workstation.
    }

------------------------------------------------------------------------
| Jeff Horwitz                              University of Michigan     |
| jhorwitz () umich edu                     Ann Arbor                  |
| http://www-personal.umich.edu/~jhorwitz   ITD Login Service          |
------------------------------------------------------------------------

On Mon, 12 Oct 1998 19:37:21 -0400, dbell <dbell () BWAY NET> said:
I didn't see this, or anything similar to it in the archives, but please forgive me if it's well known:

If a Solaris 2.6 host is a NIS+ client, and any user other than root is running CDE at the console, CDE's screen locking feature does not work. Any random string is sufficient to unlock the console.

Obviously, this is not a root-compromise-from-the-network sort of bug, but it can be a problem if your machine is located somewhere physically insecure (university labs, for example).

I made Sun aware of this a month ago, and there seems to be a bug ID opened by someone else even farther back (bug id 4115685). This is not fixed in any current release (up through Hardware 5/98 w/current patches). I don't have older versions to test this on, but I can reproduce it running 2.6 on a variety of hardware (email me if you care).

Workaround: use /usr/openwin/bin/xlock instead of CDE's screenlock, stop using NIS+, stop using CDE.

--
Daniel Bell
Heuer's Law: Any feature is a bug unless it can be turned off.
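An added example, not part of either post: a shell check an administrator could run to confirm that a .dt file really redefines LockDisplay and that the program named in its EXEC_STRING exists on the host. The function names and the scratch-file sample are assumptions made for this illustration; the sample is constructed from the action quoted above.

```shell
#!/bin/sh
# Added example: report which program a CDE action definition actually runs.

# action_exec FILE ACTION: print ACTION's EXEC_STRING from a .dt file.
# Exit status 1 if FILE does not define ACTION with an EXEC_STRING.
action_exec() {
    awk -v want="$2" '
        /^[ \t]*#/         { next }                        # comment line
        $1 == "ACTION"     { inact = ($2 == want); next }  # start of a definition
        inact && $1 == "}" { inact = 0; next }             # end of the definition
        inact && $1 == "EXEC_STRING" {
            sub(/^[ \t]*EXEC_STRING[ \t]+/, "")
            print; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# check_lock_override FILE: 0 = override present and its program is executable,
# 1 = no LockDisplay action in FILE, 2 = action names a program that is missing.
check_lock_override() {
    cmd=$(action_exec "$1" LockDisplay) || {
        echo "$1: no LockDisplay action defined here"
        return 1
    }
    bin=${cmd%% *}                    # program is the first word of EXEC_STRING
    if [ ! -x "$bin" ]; then
        echo "$1: LockDisplay runs $bin, which is not executable on this host"
        return 2
    fi
    echo "$1: LockDisplay runs $bin"
}

# Constructed sample: the action from the post, written to a scratch file.
write_sample() {
    cat > "$1" <<EOF
ACTION LockDisplay
{
    LABEL        LockDisplay
    TYPE         COMMAND
    EXEC_STRING  ${2:-/usr/X11R5/bin/xlock}
    WINDOW_TYPE  NO_STDIO
}
EOF
}

sample=${TMPDIR:-/tmp}/Xlock.dt.$$
write_sample "$sample"
check_lock_override "$sample" || echo "audit status: $?"
rm -f "$sample"
```

On a real host the file to pass is the one named in the post, /etc/dt/appconfig/types/C/Xlock.dt; a status of 2 means the lock action would fail to start, leaving the console unlocked.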