Bugtraq mailing list archives
Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
From: "Fred Noltie" <noltie () airmail net>
Date: Thu, 31 Jul 2003 15:53:14 -0500
From: "Brian Eckman" <eckman () umn edu>
If someone were to find a way to bind to those hotkeys, would you then consider this a security issue with Windows? If so, how is Apple's failure to block kill calls to the screen saver not a security issue? GavinWindows does allow others to bind to those hotkeys. The Novell client
is
a good example. The Novell NDS password can be used to unlock the
screen
saver, without requiring the Windows password to be entered. Obviously other programs could bypass the Windows authentication as well.
It's been a few years and things may have changed, but in the past Novell accomplished this by replacing the standard msgina.dll with one of their own making. Microsoft provides information on how to do this sort of thing: http://support.microsoft.com/default.aspx?scid=kb;en-us;810756 FWIW, there is even a GNU replacement (well, for NT, anyway): http://wwwthep.physik.uni-mainz.de/~frink/newgina_pre09/readme.html It seems to me, though, that if the admin replaces Microsoft's GINA, he can't complain about how (or whether) the replacement traps Ctrl+Alt+Del. I don't think (though I may be mistaken) that there's a way to trap those hotkeys when Microsoft's msgina.dll is in place and working properly. Regards, Fred Noltie
Current thread:
- Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 30)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) mns (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Gavin Hanover (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Brian Eckman (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Fred Noltie (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- <Possible follow-ups>
- RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) CHRIS GRABENSTEIN (Jul 31)