Bugtraq mailing list archives
AW: Mac OS 9 Idle Lock Bug
From: sflothow () SCHLOSS-ONLINE DE (Flothow, Sebastian)
Date: Fri, 29 Oct 1999 09:57:18 +0200
It's possible to set up the Finder so that, if the current user goes idle, the screen will be locked. A simple dialog box is displayed stating that the system has been idle for too long and a password must be entered. You have two options. Click OK and enter the password to return to your session or click OK and click Log Out. It's possible to seize control of Mac OS under certain conditions by clicking Log Out.
so you can log out the current user and quit all apps without having to enter a password? i think this is the real security flaw, not apps which ask whether you want to save changes.
Some applications have the "feature" of asking you if you're sure that you want to quit. For example, if connected to a UNIX host using NiftyTelnetSSH, it will ask you if you're sure you want to disconnect when the application quits. Other applications with unsaved data will ask if you want to save changes. Most of these dialog boxes have OK and Cancel or Yes, No and Cancel for options. Hitting Cancel at any of these "are you sure" dialog boxes will stop the logout process and return you to the current session.
which is useful if you hit quit and you actually don't want to quit (i know, this is for silly lusers, but they exist). to quit an app without asking, there had to be another event, which current apps wouldn't support.
Now, being primarily a UNIX user that also uses Mac OS for graphics and Web page design, I realize that relying on Mac OS for physical security is about as silly as relying on the Windows 95 password "protected" screensaver for security. I just figured that I'd point out this small issue because the Mac OS 9 ads seem to be pushing the added security benefits of upgrading to Mac OS 9 and its voiceprint password protection.
well, it seems /this/ kind of protection doesn't work. however, if you shut down the mac, you'll have to log in when booting.