COMMAND

    CDE/NIS+

SYSTEMS AFFECTED

    Solaris 2.6

PROBLEM

    Daniel Bell found the following.  Any user other than root who is
    running CDE at the console will find that CDE's screen locking
    feature does not work.  Any random string is sufficient to unlock
    the console.  Obviously, this is not a
    root-compromise-from-the-network sort of bug, but it can be a
    problem if your machine is located somewhere physically insecure
    (university labs, for example).

    Here's the first paragraph from Sun's bug report:

        Bug Id: 4115685
        Category: cde
        Subcategory: screenlock
        State: integrated
        Synopsis: CDE screen lock not working properly for nis+ users
        Description:
        login in as a nis+ user, using lock from CDE front panel,
        screen locks but at the prompt any password, even no password
        unlocks the screen.  root user doesn't have this problem.
        Xlock does not have this problem.  multiple machines have the
        same problem.  all the recommended patches are installed,
        problem happens even for newly defined users.

SOLUTION

    There seems to be a bug ID opened by someone else even farther
    back (bug id 4115685).  This is not fixed in any current release
    (up through Hardware 5/98 with current patches).  You can redefine
    CDE's LockDisplay action so it runs /usr/openwin/bin/xlock instead
    of the broken CDE screenlock.  Just put the following action into
    the file /etc/dt/appconfig/types/C/Xlock.dt and restart your
    workspace manager:

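    # Run xlock in place of the CDE screen lock.
    # EXEC_STRING uses the xlock path named in the text above; adjust it
    # if xlock is installed somewhere else on your system.
    ACTION LockDisplay
    {
            LABEL   LockDisplay
            TYPE    COMMAND
            EXEC_STRING     /usr/openwin/bin/xlock
            WINDOW_TYPE     NO_STDIO
            DESCRIPTION     The LockDisplay action locks the workstation.
    }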
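
    A check that the override is in place and that its EXEC_STRING
    points at a program that exists, since a wrong path leaves the
    console with no working lock.  This is an added example, not part
    of the original advisory; the function names lockdisplay_exec and
    check_lock_override are hypothetical.

```shell
#!/bin/sh
# Added example: verify a LockDisplay override in a CDE .dt action file.
# Usage: sh checklock.sh /etc/dt/appconfig/types/C/Xlock.dt
# (the script name is an assumption; the file path is the one in the text)

# Print the command named by EXEC_STRING inside "ACTION LockDisplay"
# in file $1.  Prints nothing if the file does not define that action.
lockdisplay_exec() {
    awk '
        $1 == "ACTION"                { in_act = ($2 == "LockDisplay") }
        in_act && $1 == "EXEC_STRING" { print $2; exit }
        in_act && $1 == "}"           { in_act = 0 }
    ' "$1"
}

# Return 0 if file $1 defines LockDisplay and its command is executable,
# 1 if the action (or its EXEC_STRING) is missing,
# 2 if the command it names is not an executable file.
check_lock_override() {
    cmd=`lockdisplay_exec "$1"`
    if [ -z "$cmd" ]; then
        echo "no LockDisplay action with an EXEC_STRING in $1" >&2
        return 1
    fi
    if [ ! -x "$cmd" ]; then
        echo "LockDisplay runs $cmd, which is not executable" >&2
        return 2
    fi
    echo "LockDisplay runs $cmd"
    return 0
}

# Run the check only when a file name is given on the command line.
if [ $# -gt 0 ]; then
    check_lock_override "$1"
fi
```

    Run it after editing the action file and before relying on the
    lock; an exit status of 2 means the action would try to start a
    program that is not there.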