Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 05 Sep 2015, 12:14
All times are UTC - 4
 Forum index » House Training » Bugs ( Submit bugs )
Screen Lock accepting ANY password
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [24 Posts]   Goto page: 1, 2 Next
Author Message
ClareOldie
Guest


PostPosted: Sun 08 Jan 2006, 17:49    Post subject:  Screen Lock accepting ANY password  

I just tried the screen lock facility and it appears to work except that when anyone wishes to regain access to the computer any password at all is accepted.
Not much security in that I'm afraid.

I manually deleted the .xlockrc file just to be sure but no improvement.

Does it work for everyone else?

Puppy 1.07 HDD install
Back to top
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7456
Location: Perth, Western Australia

PostPosted: Mon 09 Jan 2006, 04:25    Post subject:  

Yep, we know about this bug.
Back to top
View user's profile Send private message Visit poster's website 
ClareOldie
Guest


PostPosted: Mon 09 Jan 2006, 17:05    Post subject: ScreenLock  

Sorry didn't mean to clutter up the forum.

Is the bug expected to be fixed soon?
Back to top
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11525
Location: Arizona USA

PostPosted: Mon 09 Jan 2006, 17:28    Post subject:  

I haven't tried it so I really don't know anything about it, but is it possible that it's a feature not a bug, that screen lock accepts any password by default until you have set a password?
Back to top
View user's profile Send private message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7456
Location: Perth, Western Australia

PostPosted: Mon 09 Jan 2006, 17:35    Post subject:  

Nup, it's a bug.

I recompiled the program with different config options, still got the same bug.

Actually, I'm using "xlockmore", which is a continuation of the original "xlock" project -- well, I may try the actual xlock source next.

If anyone is interested to try it, here are the configure options that I used:

Code:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --build=i486-pc-linux-gnu --enable-xlockrc --without-motif --without-editres --without-gltt --without-ftgl --without-opengl --without-mesa --without-dtsaver --without-rplay --without-nas --enable-nice-only --without-ttf --without-freetype
Back to top
View user's profile Send private message Visit poster's website 
jmarsden


Joined: 31 Dec 2005
Posts: 263
Location: California, USA

PostPosted: Wed 11 Jan 2006, 06:00    Post subject:  

I'd at least considering the possibility that xlockmore just needs some config tweaks related to password lookup. A quick look suggests that in xlock/passwd.c there are a lot of #ifdefs trying to work out what form of password file / shadow / PAM support a machine has. It's at least possible that this code is "guessing wrong" for Puppy. Since that code derives from the older xlock, if my suspicion about this is correct, that older code will also "guess wrong" in the same way. So, FWIW, my suggestion would be to troubleshoot / debug current xlockmore code, rather than regress back to (very old) original xlock code.

If the current usr_devx.sfs had included the usual trace tools like strace and ltrace, I'd have confirmed my suspicions by now... but they seem to be missing. Is there any technical reason for their absence? (I have the same question for the script command, too? I already compiled and installed that one -- I use it a lot for keeping track of manual build sessions).

I'm out of time for this tonight. I may try to compile the trace tools and see what they tell me when xlock is run with them -- just not right now Smile

Jonathan
Back to top
View user's profile Send private message 
MU


Joined: 24 Aug 2005
Posts: 13644
Location: Karlsruhe, Germany

PostPosted: Wed 11 Jan 2006, 06:07    Post subject:  

ClareOldie, meanwhile you could this one:
http://www.murga.org/~puppy/viewtopic.php?p=18059#18059
Mark
Back to top
View user's profile Send private message Visit poster's website 
billstclair

Joined: 26 Feb 2006
Posts: 106
Location: Upstate New York

PostPosted: Thu 02 Mar 2006, 10:02    Post subject:  

Removing the --enable-xlockrc option worked for me. That's labelled as "for unknown shadow password" in ./configure --help

I got a working password with:

./configure --disable-bomb --without-opengl --without-mesa

I may have some non-standard libraries installed, however, so you may need to disable more for the distribution.

The password validation area is now much smaller, however.
Back to top
View user's profile Send private message Visit poster's website 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7456
Location: Perth, Western Australia

PostPosted: Thu 02 Mar 2006, 18:59    Post subject:  

billstclair wrote:
Removing the --enable-xlockrc option worked for me. That's labelled as "for unknown shadow password" in ./configure --help

I got a working password with:

./configure --disable-bomb --without-opengl --without-mesa

I may have some non-standard libraries installed, however, so you may need to disable more for the distribution.

The password validation area is now much smaller, however.


But that "xlockrc" is what holds the password, um, in ~/.xlockrc I think.
So, how does the password part of it work without this option? ...like, where does the password get stored?, how do you set it?
Back to top
View user's profile Send private message Visit poster's website 
billstclair

Joined: 26 Feb 2006
Posts: 106
Location: Upstate New York

PostPosted: Thu 02 Mar 2006, 22:51    Post subject:  

--enable-xlockrc is misnamed. If you leave it out, xlock still asks for a password, and still stores the encoded password in .xlockrc. At least that's how mine works. Give it a try, configuring with that single option removed from your "configure..." command.
Back to top
View user's profile Send private message Visit poster's website 
jmarsden


Joined: 31 Dec 2005
Posts: 263
Location: California, USA

PostPosted: Sun 05 Mar 2006, 21:36    Post subject:  

I tried:
Code:
 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --build=i486-pc -linux-gnu --without-motif --without-editres --without-gltt --without-ftgl --without-opengl --without-mesa --without-dtsaver --without-rplay --without-nas --enable-nice-only --without-ttf --without-freetype

No real difference by default. However, I found that if I have a password set on the root account (set using passwd) things then work the way I expect -- xlock prompts for my account password. Then... I put the Puppy-supplied xlock binary back and tried again... and it still worked that way. Hmmm. Then I reset the root password to an empty one... and xlock still works fine!

At little more experimenting suggests that, as long as I have a non-empty password field in /etc/shadow, xlock (as supplied with Puppy) works. This applies even when the encrypted password is in fact an empty password.

So, the way to get more useful xlock behaviour in Puppy 1.07 and 1.08 (I tested both), without setting a real root password, is to use the passwd command at a shell prompt and just press Enter when prompted for the new password. After that, /etc/shadow has an encrypted pw in it which decrypts to the empty password, and xlock uses the one stored in ~/.xlockrc

If you set an actual password for the root account (a good idea if you actually care about locking your PC, in my view!), xlock will then unlock with either the one it has encrypted into ~/.xlockrc or the account password.

I suspect that Puppy just needs to ship with an encrypted empty pw in its supplied /etc/shadow to make xlock work the way BarryK wants it to?

Jonathan
Back to top
View user's profile Send private message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7456
Location: Perth, Western Australia

PostPosted: Mon 06 Mar 2006, 03:40    Post subject:  

Jonathan,
That's amazing detective work!

Okay, /etc/shadow with empty password now in puppy2.

The only thing not working with xlockmore now, is it is supposed to respond to a mouse movement, but doesn't -- you have to press a key on keyboard to unlock.
Back to top
View user's profile Send private message Visit poster's website 
dvw86


Joined: 04 May 2005
Posts: 636
Location: Washington State

PostPosted: Mon 06 Mar 2006, 10:31    Post subject:  

BarryK wrote:

Okay, /etc/shadow with empty password now in puppy2.


Can that fix make it into 1.0.9 as well?
Back to top
View user's profile Send private message 
jmarsden


Joined: 31 Dec 2005
Posts: 263
Location: California, USA

PostPosted: Wed 08 Mar 2006, 03:38    Post subject:  

BarryK wrote:
The only thing not working with xlockmore now, is it is supposed to respond to a mouse movement, but doesn't -- you have to press a key on keyboard to unlock.
You just need to add the -mousemotion option to get that effect. Adding it into /etc/xlockscreenparams is all it takes Smile

(One day we should talk about why you use all these strange little tiny config files that lack a trailing LF ... which seems very non-standard to me.... but anyway... here's the relevant unified diff for /usr/local/apps/Xlock/AppRun
Code:
23:03:11 root@jm:/usr/local/apps/Xlock# diff -u AppRun.orig AppRun
--- AppRun.orig 2006-03-07 23:02:11.000000000 -0800
+++ AppRun      2006-03-07 23:02:54.000000000 -0800
@@ -4,7 +4,7 @@
 PARAM1="$1"
 
 if [ ! -f /etc/xlockscreenparams ];then
- echo -n ' -grabserver -echokeys -echokey X -mode goop'  > /etc/xlockscreenparams
+ echo -n ' -mousemotion -grabserver -echokeys -echokey X -mode goop'  > /etc/xlockscreenparams
 fi
 if [ ! -f /etc/xlockrootparams ];then
  echo -n ' -bg white -inroot -mode goop'  > /etc/xlockrootparams

Jonathan
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15154
Location: Paradox Realm

PostPosted: Wed 08 Mar 2006, 06:23    Post subject:  

Jonathan can you give an example and a way to implement better / simpler / more appropriate / more efficient please Wink Cool

Thanks as always

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 2 [24 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Bugs ( Submit bugs )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1989s ][ Queries: 12 (0.0221s) ][ GZIP on ]