Vulnerability Development mailing list archives
Re: vlock bug ? (fwd)
From: saw () MSU RU (Savochkin Andrey Vladimirovich)
Date: Sat, 20 Nov 1999 12:20:29 +0300
Hi, On Thu, Nov 18, 1999 at 01:48:39PM +0100, m4rcyS wrote:
Plz take a look at this: [> >[marcys@pentium marcys]$ vlock This TTY is now locked. Use Alt-function keys to switch to other virtual consoles. Please enter the password to unlock. marcys's Password: [invalid passwd typed here] root's Password: [valid MARCYS's passwd typed] [> >[marcys@pentium marcys]$ Shouldn't vlock accept root's passwd except marcys's passwd?
If your vlock isn't setuid-root and uses PAM (which in turn uses special setuid-root binary helper to check passwords) then vlock works as expected. TTY may be unlocked only by user's password independently of what vlock prints. The reason for this behavoiur is that the helper password check program only allows unprivileged users to verify their own passwords. Allowing them to verify root's password opens a possibility for a brute-force attack. In this scheme vlock is just an ordinary application invoked by user and doesn't have any special privileges. So the proper fix for the problem is a fix of vlock's prompts to reflect what's really doing. You may also wish to make vlock setuid-root but I don't recommend to do so. Best regards Andrey V. Savochkin
Current thread:
- Re: vlock bug ? (fwd) m4rcyS (Nov 18)
- Re: vlock bug ? (fwd) Seth R Arnold (Nov 18)
- Re: vlock bug ? (fwd) C.J. Oster (Nov 18)
- Re: vlock bug ? (fwd) Savochkin Andrey Vladimirovich (Nov 20)
- <Possible follow-ups>
- Re: vlock bug ? (fwd) Hull, Dave (Nov 19)
- Re: vlock bug ? (fwd) Thomas Molina (Nov 19)