bgrzybickiMORLINY.PL

• Next message: Fred Kost: "Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs"
• Previous message: ian.vitekIXSECURITY.COM: "iXsecurity.20001107.compaq-wbm.a"
• Next in thread: Trond Eivind Glomsrød: "Re: vlock vulnerability in RedHat 7.0"
• Reply: Vladislav V. Mikhailov: "Re: vlock vulnerability in RedHat 7.0"
• Reply: Jon Lewis: "Re: vlock vulnerability in RedHat 7.0"
• Reply: Matt Conover: "Re: vlock vulnerability (solution: w00w00's CAP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've tried to lock all virtual consoles
in RedHat 7.0 using vlock, which
is delivered with this release of RedHat.

If user root locks all consoles - it's no problem,
but if normal user locks consoles then
anybody can unlock without typing a password.

Try to use it in the following way:

1. logon as an ordinary user on tty1
2. logon as root on tty2
3. Type on tty1 vlock -a
4. All consoles will be locked.
5. When vlock asks for password
press ENTER and don't release the key
until you see message 'broken pipe'.
6. If you see it all two consoles are unlocked.

Regards,

Bartlomiej Grzybicki ############################
MORLINY SA http://www.morliny.pl
bgrzybickimorliny.pl http://www.bgrzybicki.morliny.pl
mobile: +48 601 279 976 ########################

• Next message: Fred Kost: "Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs"
• Previous message: ian.vitekIXSECURITY.COM: "iXsecurity.20001107.compaq-wbm.a"
• Next in thread: Trond Eivind Glomsrød: "Re: vlock vulnerability in RedHat 7.0"
• Reply: Vladislav V. Mikhailov: "Re: vlock vulnerability in RedHat 7.0"
• Reply: Jon Lewis: "Re: vlock vulnerability in RedHat 7.0"
• Reply: Matt Conover: "Re: vlock vulnerability (solution: w00w00's CAP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]