Subject: Re: vlock vulnerability in RedHat 7.0
From: Jon Lewis (jlewis@LEWIS.ORG)
Date: Wed Nov 08 2000 - 08:53:24 CST
On Tue, 7 Nov 2000, Bartlomiej Grzybicki wrote:
> I've tried to lock all virtual consoles
> in RedHat 7.0 using vlock, which
> is delivered with this release of RedHat.
>
> If user root locks all consoles - it's no problem,
> but if normal user locks consoles then
> anybody can unlock without typing a password.

As long as someone is looking at the code for vlock, here's another bug.
When you use vlock to lock a VC, it prompts you for your password to
unlock. i.e.

    This TTY is now locked.
    Please enter the password to unlock.
    jlewis's Password:

If you hit enter, it prompts you for the root password to unlock.

    This TTY is now locked.
    Please enter the password to unlock.
    jlewis's Password: [pressed enter]
    root's Password:

Contrary to the prompt and the man page, the root password will not unlock
this VC. The user's password, entered at either of the (jlewis|root)'s
Password: prompts will unlock the VC. I've tested this on Red Hat 6.2 and
7.0.

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________