Bugtraq mailing list archives
RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
From: Rizwan Jiwan <Rizwan.Jiwan () KINGSTON Hummingbird com>
Date: Thu, 31 Jul 2003 13:21:28 -0400
I wouldn't consider this a bug. It is like me writing a script that kills any process named "ScreenSaverEngine". If I run it with my privileges it should allow me to kill the process (assuming I own ScreenSaverEngine). Escape Pod does what it is meant to. OS X does what it is meant to--that is unless you are suggesting that the operating system not allow the user to kill the screen saver process which is just stupid because I have had my screen saver crash on me. -Riz -----Original Message----- From: Patrick Haruksteiner [mailto:haruk () gmx at] Sent: Wednesday, July 30, 2003 4:56 PM To: Doug White Subject: Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) On Wednesday, July 30, 2003, at 10:07 h, Doug White wrote:
On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:I discoverd another security issue with the Mac OS X screensaver. If you have installed escapepod from Ambrosia Software and hit crtl-alt-delete(==backspace) when the screensaver with password protection is running, it kills the screensaver and the desktop is open to anybody - so it has the same effect as the recently emerged password-exploit.This is not a bug in Apple software. This is a third party extension. Ambrosia's Escape Pod is a utility that kills the frontmost app when the shortcut keystroke is typed. Naturally it does not ship with MacOS X. Since the screen saver is just another application (called ScreenSaverEngine), if you hit the kill key when its running, it gets killed. Fancy that!
I know that! But it should be the concern of the OS that you cannot circumvent its security system with the help of other applications! -- harp
Current thread:
- RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Rizwan Jiwan (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Alaric B Snell (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) MightyE (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Barry Fitzgerald (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Alaric B Snell (Jul 31)