From sec@yoda.fwe.pi.musin.de  Wed Dec 13 09:44:54 2000
Return-Path: <sec@yoda.fwe.pi.musin.de>
Received: from yoda.fwe.pi.musin.de (yoda.fwe.pi.musin.de [194.246.250.18])
	by hub.freebsd.org (Postfix) with ESMTP id 62B5437B400
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 13 Dec 2000 09:44:45 -0800 (PST)
Received: (from sec@localhost)
	by yoda.fwe.pi.musin.de (8.11.1/8.11.1) id eBDHj6L34377;
	Wed, 13 Dec 2000 18:45:07 +0100 (CET)
	(envelope-from sec)
Message-Id: <20001213184505.B25575@yoda.fwe.pi.musin.de>
Date: Wed, 13 Dec 2000 18:45:05 +0100
From: Stefan `Sec` Zehl <sec@yoda.fwe.pi.musin.de>
To: Thomas Gellekum <tg@melaten.rwth-aachen.de>
Cc: FreeBSD-gnats-submit@freebsd.org
In-Reply-To: <kq1yvcxytx.fsf@cip12.melaten.rwth-aachen.de>; from tg@melaten.rwth-aachen.de on Wed, Dec 13, 2000 at 01:58:18PM +0100
Subject: Re: xlock port doesn't check password
References: <200012111305.eBBD5wA83113@yoda.fwe.pi.musin.de> <kq1yvcxytx.fsf@cip12.melaten.rwth-aachen.de>

>Number:         23527
>Category:       ports
>Synopsis:       Re: xlock port doesn't check password
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    tg
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 13 09:50:00 PST 2000
>Closed-Date:    Sun Apr 22 23:21:18 PDT 2001
>Last-Modified:  Tue Nov 27 18:34:25 PST 2001
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 On Wed, Dec 13, 2000 at 01:58:18PM +0100, Thomas Gellekum wrote:
 > Stefan `Sec` Zehl <sec@yoda.fwe.pi.musin.de> writes:
 > > if I start xlock normally (just xlock) it runs normally. If i hit any key,
 > > it prompts me for my Password. Independent of what I enter there, xlock
 > > unlocks the screen and exits.
 > 
 > I can't reproduce this (xlockmore-4.17.2, FreeBSD-stable,
 > XFree86-3.3.6). Anyone else got this problem?
 
 Ah, I found out what was causing this. Stupid me.
 I realized that xlock accepts roots password too. And in fact thats the
 problem here.
 
 I didn't have a root password set on this box.
 
 While I would argue that xlock should not accept any password in this
 case, you can probably file this under 'pilot error'.
 
 CU,
     Sec
 -- 
 Komme wieder
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Sun Apr 22 23:21:18 PDT 2001 
State-Changed-Why:  

Originator claims pilot error. 


Responsible-Changed-From-To: gnats-admin->tg 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Sun Apr 22 23:21:18 PDT 2001 
Responsible-Changed-Why:  

tg is the ports maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=23527 
>Unformatted:
