Type packetstorm
Reporter Marco van Berkum
Modified 2001-04-19T00:00:00


I came across a nice xlock bug when I noticed I couldn't log in again as
user after I "locked" my windowmaker screen. Xlock (AFAIK) is suid by
default to read passwords from /etc/shadow. I removed most suid bits on my
Slackware 7.1 box. The suid bit on my xlock has also been removed.
Any user with physical access can get into the window manager screen by
simply pressing ENTER when xlock is not setuid root. With a default
Slackware install, and also with a default xlockmore install, no file
named .xlockrc is created. After executing xlock and pressing ENTER,
an empty DES string is placed in .xlockrc and can therefore be used as a
'valid' login.
This works for all user logins except root, because root can be checked
against /etc/shadow. It also does not work when there is a correct (according
to /etc/shadow) DES string in $HOME/.xlockrc (this is explained somewhere
in the README file).
Fix: set the suid bit on xlock ?!?!?! Or give all users who need physical
window manager access a correct .xlockrc file.
Marco van Berkum
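An audit helper for the two conditions the advisory describes (xlock running without its setuid bit, and home directories whose .xlockrc is missing or empty), added here as an example; it is not part of the advisory or of xlockmore. It assumes xlock lives at /usr/X11R6/bin/xlock unless XLOCK is set, that home directories sit under the directory passed to audit_homes, and that a traditional crypt(3) DES hash is 13 characters from the alphabet [./0-9A-Za-z].

```shell
#!/bin/sh
# Audit helper (example, not from the advisory or from xlockmore).
# Assumptions: xlock at $XLOCK (default /usr/X11R6/bin/xlock); one home
# directory per user under the base passed to audit_homes; a traditional
# crypt(3) DES hash is 13 characters from [./0-9A-Za-z].

XLOCK="${XLOCK:-/usr/X11R6/bin/xlock}"

# Exit 0 when the given xlock binary carries the setuid bit, i.e. it can
# verify against /etc/shadow instead of falling back to $HOME/.xlockrc.
xlock_is_setuid() {
    [ -u "$1" ]
}

# Classify one .xlockrc file. Prints exactly one word:
#   missing  - no file; a non-setuid xlock creates it on the first unlock
#   empty    - file present but holds no hash at all
#   des      - well-formed traditional DES hash (format only, not verified)
#   other    - anything else (e.g. a modern $id$ hash, or garbage)
classify_xlockrc() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo missing
        return 0
    fi
    h=$(head -n 1 "$f" | tr -d '\r\n')
    if [ -z "$h" ]; then
        echo empty
    elif printf '%s\n' "$h" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
        echo des
    else
        echo other
    fi
}

# Walk every home directory under $1 and print "<user> <state>" per home.
# Returns 1 when any home is in the "missing" or "empty" state.
audit_homes() {
    base="$1"
    rc=0
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        u=$(basename "$d")
        s=$(classify_xlockrc "$d/.xlockrc")
        echo "$u $s"
        case "$s" in missing|empty) rc=1 ;; esac
    done
    return $rc
}
```

A "des" result only means the file is well-formed; as the advisory notes, a DES string written from an empty entry still unlocks, so compare it against the crypt(3) of an empty password for the same salt before treating it as safe.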