
Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience



On 2014-03-20 12:44:21 +1100, Zenaan Harkness wrote:
> When logging in at the Linux console (on current kernels at least),
> then running startx, there is a security problem:
> 
> Anyone with physical access to your computer could:
> 
> a) log out of your gui session (if it's not screensaver locked), taking
> them back to your command line, and depending on your settings of
> /etc/sudoers (tty_tickets or respectively !tty_tickets setting - see
> man sudoers) might give them instant root access;
> either way, mischief may ensue.
> 
> b) type Ctrl-Alt-F1 (for example), followed by Ctrl-C to kill your gui
> session, notwithstanding if you even have it gui locked
> 
> 
> SO: what to do?
> 
> What I did for a while was:
> a) log in to Linux console
> b) startx; exit

Does it really solve the problem?

For instance, type:

  sleep 2; exit

and Ctrl-C just after. The "sleep 2" is interrupted, but "exit"
isn't run.

You could still do "exec startx", but this may not be OK if you
want *logout files to be sourced for clean-up.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
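
An audit check based on the three launch styles discussed in this thread, as an added example that is not part of the original message: it reads a shell startup file on stdin and reports how each `startx` call is launched. The function name `classify_startx` and the verdict labels are hypothetical, the comment stripping is simplified, and the sample profile is constructed.

```shell
#!/bin/sh
# classify_startx: read a shell startup file on stdin and print
# "<line>:<verdict>" for every line that invokes startx.
#   exec            shell is replaced by startx; there is no shell to fall
#                   back to, but *logout files are not sourced
#   list-then-exit  "startx; exit" style; Ctrl-C on the console can abort
#                   the list so that exit is never run
#   plain           the command line comes back when the X session ends
classify_startx() {
    # Simplification: everything after "#" is treated as a comment.
    sed 's/#.*//' | awk '
        /(^|[^A-Za-z0-9_])startx([^A-Za-z0-9_]|$)/ {
            if ($0 ~ /(^|[;&|({ \t])exec[ \t]+([^ \t;]*\/)?startx/)
                v = "exec"
            else if ($0 ~ /startx[^;&|]*(;|&&|\|\|)[ \t]*(exit|logout)/)
                v = "list-then-exit"
            else
                v = "plain"
            print NR ":" v
        }'
}

# Constructed sample profile (not taken from any real system).
classify_startx <<'EOF'
# constructed sample ~/.bash_profile
[ "$(tty)" = /dev/tty1 ] && exec startx
startx; exit
# startx (commented out)
startx -- -nolisten tcp
EOF
```

On the constructed sample this reports line 2 as `exec`, line 3 as `list-then-exit` and line 5 as `plain`.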

