
Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience



Vincent Lefevre writes:
 > The fact that it is multi-user doesn't mean that it will necessarily
 > be used by several desktop users.

You can remove the spawning of the getty on the ttys you don't want to use.

I don't know how to do this with systemd... With init you had some
nice and well commented entries in /etc/inittab

The multiple consoles are a feature dating back to when there was no X11
available for GNU/Linux...

 > I suppose that users who use startx haven't installed a display manager.
 > So, I think that the feature should be enabled only when a display
 > manager is running.
 > 
 > Actually even better: if user A has locked his X session, then
 > the system should prevent any switch to a Linux console where
 > A has logged in.

This would be nice, but I think it is sort of a hell...

When the user presses the magic sequence, the one in charge of
switching tty should pick the process table, identify X and a possible
screen saver (how? I could use a custom-written screensaver called
ullabagulla), then identify which is the parent process of X and see
which tty it belongs to, and block any attempt to switch to that tty.

AFAIK Ctrl+Alt+F1 throws a trap, therefore all the stuff above has
to run in kernel space...

A safer solution should be to remove all the gettys except one. But
these ttys are useful to recover a system in bad times...

-- 
 /\           ___                                    Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____               African word
  //--\| | \|  |   GNUslamic fundamentalist           meaning "I can
\/                 smallholder farmer of software        not install
     former sysadmin in (other people's) spare time...       Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO
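
Added example, not part of the original message: a user-space audit of the lookup the message describes (process table, X server, parent process, tty), useful for finding the console login that a locked X session started with startx leaves behind. The process names in `X_NAMES` and the sample stat lines are assumptions constructed for illustration; the field layout and `tty_nr` encoding follow proc(5).

```python
import glob

X_NAMES = {"X", "Xorg"}  # assumption: usual X server process names

def parse_stat(line):
    """Parse one /proc/<pid>/stat line into (pid, comm, ppid, tty_nr)."""
    # comm is parenthesised and may contain spaces or ')': split on the LAST ')'.
    head, _, tail = line.rpartition(")")
    pid, _, comm = head.partition(" (")
    fields = tail.split()  # state, ppid, pgrp, session, tty_nr, ...
    return int(pid), comm, int(fields[1]), int(fields[4])

def vt_of(tty_nr):
    """Return N if tty_nr encodes /dev/ttyN (major 4, minor 1-63), else None."""
    major = (tty_nr >> 8) & 0xFF
    minor = (tty_nr & 0xFF) | ((tty_nr >> 12) & 0xFFF00)
    return minor if major == 4 and 1 <= minor <= 63 else None

def launch_vts(stat_lines):
    """Map each X server pid to the VT of its nearest ancestor that has one."""
    table = {p: (c, pp, t) for p, c, pp, t in map(parse_stat, stat_lines)}
    result = {}
    for pid, (comm, ppid, _) in table.items():
        if comm not in X_NAMES:
            continue
        vt = None
        while vt is None and ppid in table:
            _, grandparent, tty_nr = table[ppid]
            vt, ppid = vt_of(tty_nr), grandparent
        result[pid] = vt  # None: no console login behind this X server
    return result

def live_stat_lines():
    """Yield the stat line of every process on the running Linux system."""
    for path in glob.glob("/proc/[0-9]*/stat"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:
            pass  # the process exited during the scan

SAMPLE = [  # constructed; truncated to the first seven stat fields
    "812 (bash) S 1 812 812 1025",            # login shell on tty1
    "915 (xinit) S 812 915 812 1025",         # started by startx
    "916 (Xorg) S 915 916 916 1031",          # X displays on tty7
    "950 (ullabagulla (v2)) S 915 915 812 0", # oddly named screensaver
    "1200 (lightdm) S 1 1200 1200 0",         # display manager, no tty
    "1210 (Xorg) S 1200 1210 1210 1032",
]
```

On a live system, `launch_vts(live_stat_lines())` returns the same mapping for the running X servers; a non-None value is the console where the shell that ran startx is still logged in.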

