xlock.txt

2001-04-19T00:00:00
ID PACKETSTORM:24683
Type packetstorm
Reporter Marco van Berkum
Modified 2001-04-19T00:00:00

Description

Hi,
  
I came across a nice xlock bug when I noticed I couldn't log in again as
user after I "locked" my Window Maker screen. Xlock (afaik) is suid by
default to read passwords from /etc/shadow. I removed most suid bits on my
Slackware 7.1 box. Also the suid bit on my xlock has been removed.
  
Problem:
Any user with physical access can get into the window manager screen by
simply pressing ENTER when xlock is not setuid root. With a default
Slackware install and also with a default xlockmore install there is no
file named .xlockrc created. After executing xlock and pressing ENTER,
an empty DES string is placed in .xlockrc and can therefore be used as a
'valid' login.
  
This works for all user logins except root, because root can be checked
against /etc/shadow. This also doesn't work when there is a correct (according
to /etc/shadow) DES string in $HOME/.xlockrc (this is explained somewhere
in the README file).
  
Fix: set the suid bit on xlock ?!?!?! Or give all users who need physical
window manager access a correct .xlockrc file.
  
grtz,  
Marco van Berkum  
  
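The failure mode the report describes is a fallback that is created from whatever the user types at the first prompt, including nothing at all. The model below is an added example written for this page; it is not xlockmore's code. Function names (vulnerable_lock, hardened_lock, and so on) are hypothetical, a hashlib digest stands in for crypt(3)'s DES (assumption: the comparison and creation logic, not the hash algorithm, is what matters here), and $HOME is passed in as a parameter so the model runs in a temporary directory. The "vulnerable" pair reproduces the report: with no .xlockrc, pressing ENTER stores a hash of the empty password, which the same ENTER then matches. The "hardened" pair applies the second fix the report suggests at the code level: refuse to create .xlockrc from an empty password, and stay locked when no usable hash exists instead of falling open.

```python
"""Model of xlock's per-user password fallback (constructed example, not xlockmore code).

When xlock is not setuid root it cannot read /etc/shadow, so it falls back to a
hash stored in $HOME/.xlockrc and creates that file from the first prompt.
hashlib stands in for crypt(3) DES; only the creation/comparison logic is modelled.
"""
import hashlib
import os
import secrets
import tempfile
from typing import Optional


def des_stand_in(password: str, salt: str) -> str:
    # Stand-in for crypt(3): two-character salt followed by the digest.
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest


def hash_matches(stored: str, password: str) -> bool:
    # crypt(3) style: re-hash the candidate with the salt taken from the stored string.
    if len(stored) < 2:
        return False
    return des_stand_in(password, stored[:2]) == stored


def read_xlockrc(home: str) -> Optional[str]:
    path = os.path.join(home, ".xlockrc")
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return f.read().strip()


def write_xlockrc(home: str, hashed: str) -> None:
    # Mode 0600: the file is the only thing protecting the session.
    path = os.path.join(home, ".xlockrc")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(hashed + "\n")


# --- behaviour from the report: no .xlockrc, user presses ENTER at the first prompt ---
def vulnerable_lock(home: str, typed_at_first_prompt: str) -> None:
    """Store a hash of whatever was typed, even the empty string."""
    if read_xlockrc(home) is None:
        write_xlockrc(home, des_stand_in(typed_at_first_prompt, secrets.token_hex(1)))


def vulnerable_unlock(home: str, typed: str) -> bool:
    stored = read_xlockrc(home)
    return stored is not None and hash_matches(stored, typed)


# --- hardened: never create an empty-password hash, fail closed without a valid hash ---
def hardened_lock(home: str, typed_at_first_prompt: str) -> bool:
    """Return False (and store nothing) if the password would be empty."""
    if read_xlockrc(home) is not None:
        return True
    if typed_at_first_prompt == "":
        return False
    write_xlockrc(home, des_stand_in(typed_at_first_prompt, secrets.token_hex(1)))
    return True


def hardened_unlock(home: str, typed: str) -> bool:
    stored = read_xlockrc(home)
    if not stored or typed == "":
        return False  # missing/empty .xlockrc or empty input: stay locked
    return hash_matches(stored, typed)


def demo() -> dict:
    """Run both variants in throwaway home directories and report the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        vulnerable_lock(home, "")  # user pressed ENTER at the first prompt
        results["vulnerable_enter_unlocks"] = vulnerable_unlock(home, "")
    with tempfile.TemporaryDirectory() as home:
        results["hardened_refuses_empty_setup"] = not hardened_lock(home, "")
        results["hardened_enter_stays_locked"] = not hardened_unlock(home, "")
        hardened_lock(home, "hunter2")  # sample password, constructed for the demo
        results["hardened_correct_unlocks"] = hardened_unlock(home, "hunter2")
        results["hardened_wrong_stays_locked"] = not hardened_unlock(home, "x")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The hardened variant is the code-side counterpart of "give all users a correct .xlockrc file": a user who has not set a password stays locked out of their own session until an administrator (or the user, through a non-empty prompt) provides a hash, which is the safer failure direction for a screen lock. It does not replace the setuid-root path, which checks /etc/shadow and makes .xlockrc irrelevant.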