Re: [dev] slock with non-system auth

From: markus schnalke <meillo_AT_marmaro.de>
Date: Mon, 28 Dec 2009 13:40:57 +0100

[2009-12-28 22:18] Jessta <jessta_AT_gmail.com>
> 2009/12/20 markus schnalke <meillo_AT_marmaro.de>:
> > [2009-12-19 21:37] pancake <pancake_AT_youterm.com>
> >>
> >> I have done two patches for slock.
> >>
> >> The first simplifying the use of cpp and the other adding user
> >> defined password.
> >
> > The password should probably not be a clear text string inside the
> > binary file, as one can easily read it with `strings slock'.
>
> Yeah, accept that you'd need permission to read the slock binary, in which case
> you'd need access to the user's account and thus would already have
> the access you'd be trying to obtain.
> Doesn't seem like a problem to me.

That's correct, but assume that most people will not be aware of this
issue.

If the program prints a expanation message and fails if it has read
permission, then I'd agree with you.

meillo
Received on Mon Dec 28 2009 - 12:40:57 UTC

This archive was generated by hypermail 2.2.0 : Mon Dec 28 2009 - 12:48:07 UTC