Re: [dwm] vulnerability in slock

From: Anselm R. Garbe <arg_AT_suckless.org>
Date: Mon, 12 Mar 2007 12:21:10 +0100

On Mon, Mar 12, 2007 at 07:15:51AM -0400, Albert Cardona wrote:
>
>
> >
> >No locker should prevent you from killing the x server. If you
> >use startx use
> >
> >startx && exit
> >
> >to prevent such situation, or simply
> >
> >exec startx
> >
> Thanks for the tips, I wasn't aware of the unix way of securely
> launching startx.
>
> As for the pam mechanism, one can setup custom entries for any program
> (for example for xscreensaver, or for sudo as I mentioned). Here is the
> one for the xscreensaver (which works fine):
>
> albert_AT_pad:/etc/pam.d$ cat sudo
> #%PAM-1.0
> #@include common-auth
> #disabling fingerprint reader for sudo
> auth sufficient pam_unix.so nullok_secure
> auth required pam_bioapi.so {<deleted>} /etc/bioapi/pam/
> password required pam_bioapi.so {<deleted>} /etc/bioapi/pam/
> @include common-account
>
>
> I created an entry for slock with identical contents (actually a
> symlink, the above for xscreensaver is as well a symlink to the 'sudo'
> entry).
>
> There is an entry for login, but if I modify it I see I will run into
> "trouble" in that then I won't have fingerprint reader for gdm when I
> need it. I may just stick to xscreensaver for the time being, until I
> figure out how to make slock be aware of its own pam entry.

Note that slock does not support libpam directly.

Regards,

-- 
 Anselm R. Garbe >< http://www.suckless.org/ >< GPG key: 0D73F361
Received on Mon Mar 12 2007 - 12:21:10 UTC

This archive was generated by hypermail 2.2.0 : Sun Jul 13 2008 - 14:38:56 UTC