Stopping screenload
Robert Nagler
mcvax!olsen!nagler at uunet.uu.net
Tue Mar 14 06:06:07 AEST 1989
mephdbo%prism at gatech.edu (d. majumder) writes:
>Is there any way to prevent people not logged onto the console to execute
>screenload with rasterfiles.
The moderator goes on to say:
>... It would be nice if the frame buffer device was only accessible
>by the person logged on to the console. How about a set-uid program that
>changes the ownership .... Then no one else could open it. ... --wnl
Given that the selection_svc runs with the user id of the person who
started suntools after the last reboot (whew!) and NOT with the user id of
the person running suntools at the time, I think this wouldn't work too
well (unless you don't "share" workstations).
[[ That's a security hole, by the way. I consider it a bug. --wnl ]]
I remember an incident when a co-worker put a setkeys command in their
".login" (without special checks). This worked fine until the user
rlogin'ed to someone else's workstation. It's amazing how much confusion
this caused.
A server based system like X or News at least avoids some of these
problems inherent in the design of suntools. However, I don't believe the
designers of X or News have bothered to implement security features of
this kind. (Rumor has it that window system designers have formed a
society to save the nearly extinct April Fool's Day prankster.)
Rob Nagler / nagler%olsen.uucp at uunet.uu.net
More information about the Comp.sys.sun
mailing list