Vulnerability Development mailing list archives

Re: vlock bug ? (fwd)

From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Thu, 18 Nov 1999 19:57:43 -0800


Marcy (and rest-of-list) -- the vlock shipped with Debian's unstable
(Package: vlock Version: 1.3-4) did not show this, neither under an xterm
nor at the console, and the -a flag had no effect. Since it depends on
libpam0g, it was probably compiled USE_PAM, though I don't know the status
of USE_SHADOW.

For fun, I tried root's password at the "sarnold's Password: " prompt, and
learned that didn't work either.

$ ls -l `which vlock`
-rwxr-sr-x    1 root     shadow       8592 Nov 12 06:07 /usr/bin/vlock*

On Thu, Nov 18, 1999 at 01:48:39PM +0100, m4rcyS wrote:

Plz take a look at these 2 posts below and try this by yourself.

I'm using RH6.1 (vlock-1.3-2) and definitely I'm NOT using the same
password for root and marcys :)


---------- Forwarded message ----------
Date: Wed, 17 Nov 1999 10:44:51 -0500
From: Michael K. Johnson <johnsonm () redhat com>
To: m4rcyS <marcys () free com pl>
Cc: Michael K. Johnson <johnsonm () redhat com>
Subject: Re: vlock bug ?


I am unable to reproduce this.  I can't imagine what could possibly
cause it, either, other than using the same password for root and
for marcys, which I presume you are not doing...

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
 Linux Application Development     http://people.redhat.com/johnsonm/lad/


m4rcyS writes:


hi,

Plz take a look at this:

[> >[marcys@pentium marcys]$ vlock
This TTY is now locked.
Use Alt-function keys to switch to other virtual consoles.
Please enter the password to unlock.
marcys's Password:           [invalid passwd typed here]
root's Password:             [valid MARCYS's passwd typed]
[> >[marcys@pentium marcys]$
    
Shouldn't vlock accept root's passwd except marcys's passwd?


greetz,
____________________________________________________________
                             m4rcyS

                  email: marcys () free com pl, m () sh pl

"I think there is a world market for maybe five computers."
                    - Thomas Watson, chairman of IBM, 1943
------------------------------------------------------------


--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!

Current thread:

Re: vlock bug ? (fwd) m4rcyS (Nov 18)
- Re: vlock bug ? (fwd) Seth R Arnold (Nov 18)
- Re: vlock bug ? (fwd) C.J. Oster (Nov 18)
- Re: vlock bug ? (fwd) Savochkin Andrey Vladimirovich (Nov 20)
- <Possible follow-ups>
- Re: vlock bug ? (fwd) Hull, Dave (Nov 19)
  - Re: vlock bug ? (fwd) Thomas Molina (Nov 19)