Re: Annoying Solaris/CDE/NIS+ bug

[jhorwitz () UMICH EDU (Jeff Horwitz)]

fyi, you can redefine CDE's LockDisplay action so it runs
/usr/openwin/bin/xlock instead of the broken CDE screenlock.  just put
the following action into the file /etc/dt/appconfig/types/C/Xlock.dt and
restart your workspace manager.

ACTION LockDisplay
{
        LABEL   LockDisplay
        TYPE    COMMAND
        EXEC_STRING     /usr/X11R5/bin/xlock
        WINDOW_TYPE     NO_STDIO
        DESCRIPTION     The LockDisplay action locks the workstation.
}

------------------------------------------------------------------------
| Jeff Horwitz                                  University of Michigan |
| jhorwitz () umich edu                                         Ann Arbor |
| http://www-personal.umich.edu/~jhorwitz            ITD Login Service |
------------------------------------------------------------------------

On Mon, 12 Oct 1998 19:37:21 -0400, dbell <dbell () BWAY NET>  said:

> I didn't see this, or anything similar to it in the archives, but please
> forgive me if it's well known:
>
> If a Solaris 2.6 host is a NIS+ client, and any user other than root is
> running CDE at the console, CDE's screen locking feature does not work.
> Any random string is sufficient to unlock to console. Obviously, this is
> not a root-compromise-from-the-network sort of bug, but it can be a
> problem if your machine is located somewhere physically insecure
> (university labs, for example). I made Sun aware of this a month ago, and
> there seems to be a bug ID opened by someone else even farther back (bug
> id 4115685).  This is not fixed in any current release (up through
> Hardware 5/98 w/current patches). I don't have older versions to test this
> on, but I can reproduce it running 2.6 on a variety of hardware (email me
> if you care).
>
> Workaround: use /usr/openwin/bin/xlock instead of CDE's screenlock, stop
> using NIS+, stop using CDE.
>
>
> --
> Daniel Bell
> Heuer's Law: Any feature is a bug unless it can be turned off.