Bug 151918 - xscreensaver won't allow root to unlock screen
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: xscreensaver
Version: 4.0
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Ray Strode [halfline]
Reported: 2005-03-23 10:39 EST by Kathy Whyte
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-03-23 11:29:14 EST
Description Kathy Whyte 2005-03-23 10:39:13 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4

Description of problem:
If a user locks the screen, entering the root password into xscreensaver fails to unlock the screen.

Version-Release number of selected component (if applicable):
xscreensaver-4.18

How reproducible:
Always

Steps to Reproduce:
1. Log in as any user
2. Run xscreensaver/xlock
3. Try to unlock the screen with the root password

Actual Results:  The root account is denied unlocking the screen from entering his password on the screen.

Expected Results:  Root should be able to unlock the screen from the screen.

Additional info:

I have found that if I obtain the source rpm and recompile minus the xscreensaver-4.06-rh.patch
patch and install the program with setuid root: -r-sr-xr-x root,
the root can then enter root's password at the screen and unlock it.

Comment 1 Ray Strode [halfline] 2005-03-23 11:29:14 EST
Hi Kathy,
we don't currently support unlocking the screen as root using this mechanism. 
This is a very big security hole because any user could write a program that
mimics the appearance of xscreensaver's lock dialog and record the root password
when an admin comes by and unlocks the screen.

You can terminate a user's session at any time by pressing ctrl-alt-backspace. 
You can unlock a user's session at any time by pressing ctrl-alt-f1, logging in
as root, and killing their copy of xscreensaver.

Hope that helps.
