Bug 201871

Summary: x11/xlockmore accepts root password to unlock a user's session.
Product: Ports & Packages Reporter: mzs_47
Component: Individual Port(s)Assignee: Jason Helfman <jgh>
Status: Closed Not Enough Information    
Severity: Affects Many People Flags: bugzilla: maintainer-feedback? (jgh)
Priority: ---    
Version: Latest   
Hardware: amd64   
OS: Any   

Description mzs_47 2015-07-25 13:29:03 UTC 
Xlockmore unlocks the locked screen of a user with root's password.
The user is a member of wheel, operator groups. 
All packages used are available from pkg.

To reproduce:
* Set root password
* Install xlockmore
* Lock screen of a non root account on a DE(XFCE in this case).
* Unlock screen with root's password

> pkg info xlockmore
xlockmore-5.46
Name           : xlockmore
Version        : 5.46
Installed on   : Fri Jul 24 12:23:24 IST 2015
Origin         : x11/xlockmore
Architecture   : freebsd:10:x86:64
Prefix         : /usr/local
Categories     : x11
Licenses       : 
Maintainer     : jgh@FreeBSD.org
WWW            : http://www.tux.org/~bagleyd/xlockmore.html

> uname -a
FreeBSD freebsd64_10 10.1-RELEASE-p15 FreeBSD 10.1-RELEASE-p15 #0: Tue Jul 21 18:00:00 UTC 2015     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
Comment 1 mzs_47 2015-07-27 04:36:48 UTC 
This might not be a bug with xlockmore, as xscreensaver exhibits same behavior.
Comment 2 Jason Helfman freebsd_committer freebsd_triage 2016-01-15 23:32:28 UTC 
I've submitted this upstream for analysis.
Comment 3 Jason Helfman freebsd_committer freebsd_triage 2016-02-20 01:50:42 UTC 
I have not heard anything from upstream maintainers regarding this. If you feel this is in error, please submit more information and we can address it then.

Thanks!
Jason