by mail.netbsd.org with SMTP; 13 Jul 2000 13:22:48 -0000
 via SMTP by mailo.vtcif.telstra.com.au, id smtpd0OC1Z_; Thu Jul 13 23:22:02 2000
 via SMTP by localhost, id smtpdFJHGB_; Thu Jul 13 23:21:48 2000
          by balrog.supp.cpr.itg.telecom.com.au (8.8.4/8.8.4) with ESMTP
	  id XAA18865 for <tech-security@netbsd.org>; Thu, 13 Jul 2000 23:21:47 +1000
Message-Id: <200007131321.XAA18865@balrog.supp.cpr.itg.telecom.com.au>
From: Simon Burge <simonb@netbsd.org>
Cc: tech-security@netbsd.org
Subject: Re: group for access to the password database 
In-Reply-To: Your message of "Thu, 13 Jul 2000 21:15:04 +1000 "
	<12617.963486904@mundamutti.cs.mu.OZ.AU> 
Date: Thu, 13 Jul 2000 23:21:47 +1000

Robert Elz wrote:

>     Date:        11 Jul 2000 16:39:33 GMT
>     From:        tron@zhadum.de (Matthias Scheler)
>     Message-ID:  <8kfik5$4q1$1@colwyn.zhadum.de>
> 
>   | This might not be enough. "xlock" allows the removal of the screen lock
>   | with the "root" password regardless which user is logged in.
> 
> That feature is about the biggest "build me a trojan, please" that I think
> I've ever seen.

FWIW, we have an "xlock" account and use the password on that account
to unlock screens.  While still not perfect, a tad safer than using the
root password...

Simon.