Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!haven!adm!smoke!ibd!heilpern
From: heilpern@ibd.BRL.MIL (Mark A. Heilpern )
Newsgroups: comp.unix.wizards,brl.support
Subject: Re: Terminal locks (was Autologout of unused terminals)
Keywords: SECURITY GAP IN LOCK COMMAND, BSD4.2
Message-ID: <224@ibd.BRL.MIL>
Date: 20 Dec 88 13:21:24 GMT
References: <201.nlunix6@orcenl.uucp> <8978@smoke.BRL.MIL> <2682@sultra.UUCP> <2292@cuuxb.ATT.COM> <971@vsi.COM>
Reply-To: heilpern@brl.arpa (Mark A. Heilpern (IBD) <heilpern>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 26

In article <971@vsi.COM> friedl@vsi.COM (Stephen J. Friedl) writes:
>In article <2292@cuuxb.ATT.COM>, dlm@cuuxb.ATT.COM (Dennis L. Mumaugh) writes:

>No kidding.  The 4.1BSD [I think] `lock' had a hardcoded magic
>unlock password ("hasta la vista"), and ^Z would stop it as
>well.
>     Steve

Immediately after reading this, like any curious user, I checked it out on
our 4.2BSD system. Yes, using ^Z DOES abort lock, as does "hasta la vista."

My initial attempt at typeing "hasta..." was misspelled, and STILL went
through. This lead me to discover ANY two word (separated by a space)
combination will satisfy the lock program.

Rather than tell you how you should feel about this, I'll let you form
your own conclusions.

					Mark

{These are the opinions of myself and NOT those of my employer.}

-- 
 |\/|         |
 |  |   _     |<
/    \_(_(_)\_/ \______