From: Bill C. Riemers (bcr@bohr.physics.purdue.edu)
Date: 03/13/93


From: bcr@bohr.physics.purdue.edu (Bill C. Riemers)
Subject: Re: Linux's XDM, Lack of Security
Date: 14 Mar 1993 03:02:52 GMT

In article <C3uv0C.1w1@cs.dal.ca> munn@ug.cs.dal.ca (Richard B Munn) writes:
>I presently have Xdm operating.

>But when I log on with a userid of "root", I'm able
>to use ANY password to gain access.

>I wish to restrict this access.

>What must I do to gain control of this problem?

I do wish people would remember to specify what version of linux
they are using. I had the same problem with 99pl2, but was told the
problem has been corrected. Anyways the problem with that version was
that LINUX now uses shadow passwords, but the version of xdm I had downloaded
used normal passwords! This effectively makes xdm useless, so I removed
it from my system. To avoid others from cracking your system with a program
that doesn't use shadow passwords, you should manually insert dummy password
strings in /etc/passwd. If I remember correctly, somewhere the old command
for encrypting passwords exists, so you can install normal passwords manually
if you really want to use this old version of xdm.

Even if it wasn't for this, I still would recommend against using xdm. Memory
is not properly returned from applications when xdm is running, so after running
several large programs you'll have to reboot or at least re-start your
X-server. (Restarting my X-server never seemed to help, but enough people
claimed it does, that I suspect I just wasn't restarting it right.)

                                  Bill
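
The check suggested in the reply above (make sure every /etc/passwd entry carries a dummy password string), written as an added example that is not part of the original post. The placeholder set, the function names and the sample entries are assumptions constructed for illustration.

```python
"""Audit the password field of /etc/passwd-format text (added example)."""
import sys

# Markers that can never equal a crypt() result, so nothing authenticates
# against them through /etc/passwd alone.
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*"}

# Constructed sample input, not taken from any real system.
SAMPLE = """\
root::0:0:root:/root:/bin/sh
bin:*:1:1:bin:/bin:
bcr:x:500:100:Constructed User:/home/bcr:/bin/sh
guest:ab01FAX.bQRSU:501:100::/home/guest:/bin/sh
broken:line
"""

def classify(field):
    """Return EMPTY, PLACEHOLDER or HASH for one password field."""
    if field == "":
        return "EMPTY"          # a passwd-only program sees no password at all
    if field in PLACEHOLDERS or field[0] in "!*":
        return "PLACEHOLDER"    # dummy string: login via this file is impossible
    return "HASH"               # assumed to be a legacy hash, world-readable here

def audit_passwd(text):
    """Return (line_number, user, status) for every entry in the text."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith(("#", "+", "-")):
            continue            # blank lines, comments, NIS compat entries
        fields = line.split(":")
        if len(fields) != 7:
            results.append((number, fields[0], "MALFORMED"))
            continue
        results.append((number, fields[0], classify(fields[1])))
    return results

def needs_dummy(results):
    """Users whose entry still needs a dummy password string inserted."""
    return [user for _, user, status in results if status == "EMPTY"]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = audit_passwd(text)
    for number, user, status in results:
        print(f"line {number}: {user}: {status}")
    sys.exit(1 if needs_dummy(results) else 0)
```

Run with a file path as the only argument to audit that file; with no argument it audits the constructed sample and exits non-zero because of the empty `root` field.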