
Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience



On Fri, 21 Mar 2014 11:06:03 +0000
Robin <rc.rattusrattus@gmail.com> wrote:

> I may have missed something. If someone has physical access to your
> machine can't they just power off and go into single user mode and
> change the root password?

Unless you have a BIOS password or encrypted root partition (or
encrypted partition where /etc resides), yes. The OP's point was that
those things take 5 minutes, whereas killing X started by startx gives
the guy a logged-in command prompt in about 5 seconds, especially if
Ctrl+Alt+Backspace is enabled to instantly kill X.

I think it depends on the situation. If you're at the library with your
laptop and need to go to the bathroom, it's best to take the computer
with you, because it's easier to just walk off with it than to dink
with the command prompt. I have my office in my home, where I trust
everyone who goes in my office, so startx is fine.

But if I were working in a cube farm with a desktop, where hundreds of
people walk by my computer every day, and in fact some might actually
have business being on my computer, disabling a 5-second route to a
command prompt logged in as me would be a very good thing.

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance

