[Sawtooth2000]

10.1.1

If you set your screensaver to prompt the user for a password, any admin-priviledged user can get out of the screensaver.

For example

User A is logged in and turns screensaver on with password protection

User B can enter their name and password and get into User A's session.

Has anyone found a way to prevent this?

-'tooth

[Developer]

Isn't this a good thing? What else would you do if someone locks the machine with the screensaver and refuses to come back?

Just don't give admin acounts to people you don't trust.

[sungwoo]

I locked the screen with my admin account, and was able to unlock it with root account.
Hmm.. annoying...

We need a patch for this although I am the only one person who use my Mac.

[ 11-21-2001: Message edited by: sungwoo ]

[jguidroz]

Yes, root is superuser account above all admin accounts. What we would not want is a non admin account to be able to use username and password for getting through a screensaver that is locked with a password.

However if admin b uses his username and password in admin a's session, the OS should save all currently open documents, logout, and let b relogin to gain access to the computer, that way, he does not have access to admin a's session.

[Angus_D]

I don't see why this is a problem. Admin users are meant to be *TRUSTED*. I mean, admin users can be root if they want to (they are automatically sudoers unless you manually change that), so I don't see the problem with giving them access to others' login sessions.

[jguidroz]

Yes, they are meant to be trusted with using the computers, but are they trusted enough for the information they could possibly see?

[rantweasel]

Originally posted by jguidroz:
<STRONG>Yes, they are meant to be trusted with using the computers, but are they trusted enough for the information they could possibly see?</STRONG>

Admin users are equivalent to root users. Root users can see everything, change everything, and execute everything. Under OS X defaults, there is no file on the computer that an admin user cannot read, write, or execute. If you don't trust someone to see everything, you should not make them admin users. You could try giving them limited access under sudo (man sudoers), although sudoers might be pre-empted by something in NetInfo.

Back to the discussion at hand, this is not a security hole. This is a design choice, and a very reasonable one at that. Your security policy and your willingness to assign admin privs needs to take into account the fact that an admin user can do everything and anything that root can do. Most X11 screensavers allow the root user to unlock the screen. Practically speaking, there is no way to prevent it, either - the root user can simply ssh into the box, and kill the screensaver from the command line, or change the other user's password and then unlock the screensaver with the new password. It is easier to provide a method for root to do this cleanly.

[sniffer]

Paranoid people..

Seems logical to me that an administrator should have possible access to the computer at any time. It's their job to a-d-m-i-n-i-s-t-r-a-t-e the computer right? If you can't trust the administrator, don't blame the system.