On Wednesday, July 30, 2003, at 10:07 h, Doug White wrote:
On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:
I discoverd another security issue with the Mac OS X screensaver. If you have installed escapepod from Ambrosia Software and hit crtl-alt-delete(==backspace) when the screensaver with password protection is running, it kills the screensaver and the desktop is open to anybody - so it has the same effect as the recently emerged password-exploit.
This is not a bug in Apple software. This is a third party extension.
Ambrosia's Escape Pod is a utility that kills the frontmost app when the
shortcut keystroke is typed. Naturally it does not ship with MacOS X.
Since the screen saver is just another application (called ScreenSaverEngine), if you hit the kill key when its running, it gets killed. Fancy that!
I know that! But it should be the concern of the OS that you cannot circumvent its security system with the help of other applications!
-- harp
