Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience

To: debian-user@lists.debian.org
Subject: Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
From: Vincent Lefevre <vincent@vinc17.net>
Date: Fri, 21 Mar 2014 16:39:30 +0100
Message-id: <[🔎] 20140321153930.GA7639@ypig.lip.ens-lyon.fr>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20140321103402.GA10490@darac.org.uk>
References: <[🔎] CAOsGNSSDt+5w-tEAiJNkFNkL0TMcLF4LjUiOkkW+oXDFiei2pQ@mail.gmail.com> <[🔎] 20140321060351.GB14465@sid.nuvreauspam> <[🔎] 21291.64953.782916.83121@mail.eng.it> <[🔎] 20140321094638.GD14465@sid.nuvreauspam> <[🔎] 20140321103402.GA10490@darac.org.uk>

On 2014-03-21 10:34:03 +0000, Darac Marjal wrote:
> On Fri, Mar 21, 2014 at 11:46:38AM +0200, Andrei POPESCU wrote:
> > On Vi, 21 mar 14, 09:52:09, Gian Uberto Lauri wrote:
> > > 
> > > You can access the console X was started from even when the machine is
> > > locked.
> > 
> > Seriously? I'd find that to be a severe bug in the said locking 
> > application.
> 
> It's a feature of linux being multi-user.

The fact that it is multi-user doesn't mean that it will necessarily
be used by several desktop users.

> You come up to a machine that's running Xscreensaver (et al.) change
> to another VT, login there and start another X server. GDM can
> facilitate this with the Switch User functionality, but it's
> perfectly normal behaviour even without.

I suppose that users who use startx haven't installed a display manager.
So, I think that the feature should be enabled only when a display
manager is running.

Actually even better: if user A has locked his X session, then
the system should prevent any switch to a Linux console where
A has logged in.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
  - From: "Gian Uberto Lauri" <saint@eng.it>

References:
- Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
  - From: Zenaan Harkness <zen@freedbms.net>
- Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
  - From: Darac Marjal <mailinglist@darac.org.uk>

Prev by Date: Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
Next by Date: Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
Previous by thread: Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
Next by thread: Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
Index(es):
- Date
- Thread