this is a patch for x11r6.1's xdm. it will prevent the root from logging on through xdm. why? "... the patient cracker can guess the root passwd by trial and error without a risk because the xdm doesn't log those failed attempts ..." --steven flick, srf@aluxpo.micro.lucent.com to install this patchs (i have tested the following on sunos/solaris machines) 1.assume that you have built the x11r6.1 tree at /opt/X11/X11R6: use the verify.c.x11r6.1 to overwrite the /opt/X11/X11R6/src/xc/programs/xdm/greeter/verify.c cd /opt/X11/X11R6/src/xc/programs/xdm/greeter /opt/X11/X11R6/bin/xmkmf make make install (you must do this under /opt/X11/X11R6/src/xc/programs/xdm/greeter, otherwise you may lose your configuration files) or for secure cp /opt/X11/X11R6/src/xc/programs/xdm/greeter/libXdmGreet.so.1.0 \ /opt/X11/X11R6/lib/X11/xdm/ make clean ( on sunos4.1.x machines, you may need run ldconfig as root, # cd /opt/X11/X11R6/lib/X11/xdm # ldconfig /opt/X11/X11R6/lib/X11/xdm ) note: you don't have to restart xdm after you installed the patch. (because libXdmGreet.so.1.0 is just like a dynamically linked module of xdm) 2. assume that you have built the x11r5 tree at /usr/local/X11R5: use the verify.c.x11r5 to overwrite the /usr/local/X11R5/src/mit/clients/xdm/verify.c cd /usr/local/X11R5/src/mit/clients/xdm /usr/local/X11R5/bin/xmkmf make cp /usr/local/X11R5/src/mit/clients/xdm/xdm /usr/local/X11R5/bin/xdm (don't use make install, it will overwrite your configuration files) make clean su as root kill -9 restart a new deamon, e.g. /usr/local/X11R5/bin/xdm -config /usr/local/X11R5/lib/X11/xdm/xdm-config by tianhua han, than@lucent.com