Lock Screen as root

The "lock screen" operation in FC5 does not actually lock the screen
when the user is logged in as root. I'm curious about why this is not
considered a serious bug. When I log in as root, the Screensaver
Preferences applet shows the "lock screen when screensaver active" box
checked. It informs root that the screen will lock when in fact, it
won't.

I've found the following:

On the fedora-list, Aaron Konstam noted that locking the screen as root
is something you don't want to do, because you should not log in as
root.

On the gnome-list, a posting noted that one can bypass the screensaver
anyway with CTRL-ALT-F1, so logging in as root is dangerous. But I
tried this, and while I can bypass the screensaver, I still must log in
to my virtual terminals. So no loss of security. And it still begs the
question of -- given how dangerous a root login is -- how preventing
screen locking helps this situation.

Also on the gnome-list, a brief reply says that executing

xhost +localhost

will allow root to lock the screen. But this doesn't work on my FC5
laptop. And there's nothing on the GNOME user's wiki about the reasons
why root cannot lock the screen.

I think this is a defect (at best a nasty side-effect), and I'd welcome
a good explanation why preventing screen lock for root is desirable
behavior. If there's a good reason, then the Screensaver Preferences
applet should uncheck and gray out this option for root. As it stands,
the applet conveys that the screen will lock for root, when it simply
won't. The GUI lies to the superuser about how the system will respond.
That's a little scary.

If anyone has wisdom about this, I would be grateful. Others have asked
me, and I'd like a better answer than, "it's a dangerous bug in GNOME".

Thanks!

Erik

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: screen saver and screen lock will not work on FC5
    ... KDE's kscreensaver can lock ... the screen for root ... the screensaver can't ... But it's possible to do that, and when you do under GNOME, the ...
    (Fedora)
  • Re: Lock Screen as root
    ... When I log in as root, the Screensaver ... Preferences applet shows the "lock screen when screensaver active" box ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org ...
    (Fedora)
  • Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
    ... >would be pretty sad to have a root security hole through the screensaver. ... up, and root access, they could always kill it that way. ... it does protect the payroll manager from having one of his lackeys give ...
    (Bugtraq)
  • Re: xhost +localhost
    ... Root should never have a pretty screensaver. ... > Programs like xscreensaver are doing FreeBSD a favor by preventing ... > you will make a mistake while running as root. ...
    (freebsd-questions)
  • Re: How can I allow screensaver unlocking by root?
    ... where the root passwd can unlock any user's screen saver. ... If I am the root passwd owner, I want to be able to get on a machine without having to destroy parts of it. ... How can I allow screensaver unlocking by root? ...
    (Fedora)