Subject: Re: vlock vulnerability in RedHat 7.0
From: Trond Eivind Glomsrød (tegREDHAT.COM)
Date: Tue Nov 07 2000 - 14:04:30 CST


Bartlomiej Grzybicki <bgrzybickimorliny.pl> writes:

> I've tried to lock all virtual consoles
> in RedHat 7.0 using vlock, which
> is delivered with this release of RedHat.
>
> If user root locks all consoles - it's no problem,
> but if normal user locks consoles then
> anybody can unlock without typing a password.
>
> Try to use it in the following way:
>
> 1. Log on as an ordinary user on tty1
> 2. Log on as root on tty2
> 3. Type on tty1 vlock -a
> 4. All consoles will be locked.
> 5. When vlock asks for password
> press ENTER and don't release the key
> until you see message 'broken pipe'.
> 6. If you see it, both consoles are unlocked.

How is your system configured? I can't reproduce this.

--
Trond Eivind Glomsrød
Red Hat, Inc.