Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
Vincent Lefevre writes:
> The fact that it is multi-user doesn't mean that it will necessarily
> be used by several desktop users.
You can stop spawning a getty on the ttys you don't want to use.
I don't know how to do this with systemd... With init you had some
nice and well-commented entries in /etc/inittab.
The multiple consoles are a feature dating back to when there was no X11
available for GNU/Linux...
> I suppose that users who use startx haven't installed a display manager.
> So, I think that the feature should be enabled only when a display
> manager is running.
>
> Actually even better: if user A has locked his X session, then
> the system should prevent any switch to a Linux console where
> A has logged in.
This would be nice, but I think it is sort of a hell...
When the user presses the magic sequence, the one in charge of
switching tty should pick the process table, identify X and a possible
screen saver (how? I could use a custom written screensaver called
ullabagulla), then identify the parent process of X and see
which tty it belongs to, and block any attempt to switch to that tty.
AFAIK Ctrl+Alt+F1 throws a trap, therefore all the stuff above has
to run in kernel space...
A safer solution should be to remove all the gettys except one. But
these ttys are useful to recover a system in bad times...
--
Gian Uberto Lauri
GNUslamic fundamentalist
smallholder farmer of software
formerly a sysadmin in (other people's) spare time...
Ubuntu: ancient African word meaning "I can not install Debian"
Warning: gnome-config-daemon considered more dangerous than GOTO
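
The lookup described in the message above (find X, find the tty of its parent, look for a screen locker), as an added example that is not part of the original post. The `ps` listing is constructed sample data, and the locker name list and function names are assumptions made for illustration.

```python
# Constructed sample of `ps -eo pid,ppid,tty,comm` output (not from the post):
# a startx session launched from tty1, plus a locker with an unknown name.
SAMPLE_PS = """\
  PID  PPID TT       COMMAND
    1     0 ?        init
  812     1 tty1     login
  830   812 tty1     bash
  901   830 tty1     startx
  902   901 tty1     xinit
  903   902 tty7     Xorg
  950   902 tty1     ullabagulla
 1200     1 tty2     getty
"""

X_SERVER_NAMES = {"X", "Xorg"}
# Assumption: lockers are recognised by name from a fixed list.
KNOWN_LOCKERS = {"xscreensaver", "xlock", "i3lock", "slock"}


def parse_ps(text):
    """Parse the four-column ps listing into {pid: {ppid, tty, comm}}."""
    procs = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 3)
        if len(fields) == 4 and fields[0].isdigit():
            pid, ppid, tty, comm = fields
            procs[int(pid)] = {"ppid": int(ppid), "tty": tty, "comm": comm}
    return procs


def consoles_behind_x(procs):
    """Map each X server pid to the tty of its nearest ancestor that has one."""
    found = {}
    for pid, proc in procs.items():
        if proc["comm"] not in X_SERVER_NAMES:
            continue
        seen, cur, tty = set(), proc["ppid"], None
        while cur in procs and cur not in seen:  # guard against loops
            seen.add(cur)
            if procs[cur]["tty"] != "?":
                tty = procs[cur]["tty"]
                break
            cur = procs[cur]["ppid"]
        found[pid] = tty
    return found


def lockers_running(procs):
    """Return the names of running processes that match the known-locker list."""
    return sorted(p["comm"] for p in procs.values() if p["comm"] in KNOWN_LOCKERS)
```

On the sample data the console behind X resolves to tty1, while the locker check comes back empty because `ullabagulla` is not on any list, which is the identification problem the message raises.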