Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
On Fri, 21 Mar 2014 14:25:14 +0100
"Valerio Vanni" <valerio@valeriovanni.com> wrote:
> "Brian" <ad44@cityscape.co.uk> ha scritto nel messaggio
> [🔎] 21032014113647.c62190855751@desktop.copernicus.demon.co.uk">news:[🔎] 21032014113647.c62190855751@desktop.copernicus.demon.co.uk
>
> > For the situation when X is started with startx would 'startx &
> > exit' prevent the termination of an X session even if CTRL+ALT+FN
> > etc gets console access?
>
> I've always used "startx & exit", and it works perfectly.
> It doesn't prevent the termination of an X session, but if it's
> terminated you get a logon prompt as if you had just booted the
> machine.
I just tried both:
startx & exit
startx; exit
The former logs out of the original bash session immediately, running X
in the background, so you see no stdout from X. I don't know where it
goes.
The latter shows the stdout from X, but when you leave X, whether
normally from Xfce or by Ctrl+C'ing in tty1, it automatically logs out
of the bash session and leaves you at the login prompt.
I guess the choice between these two depends on how valuable you think
it is to see the stdout from X (for debugging, presumably), how worried
you are about where all that stdout is going if X is run in the
background, how worried you are that somebody could find a way of
killing X and simultaneously preventing the exit to happen.
To cure my paranoia of having stdout going to an unknown place, I made
the following executable /usr/local/bin/exx:
==========================
#!/bin/bash
startx > /dev/null & exit
==========================
I invoke it like this:
. exx
I think that dot space before the command is similar to "exec", which
runs it in the current process, so the current process, rather than a
spawned process, is what gets exited. It appears to work perfectly,
logging out tty1 the instant X is up and running.
I didn't plan this, but this 2 line shellscript has the added benefit
that if I forget the dot, and forgetting it would leave the bash
session open, it tells me I don't have privileges to run X, and refuses
to run X. So I can't make a dumb mistake.
I'm probably going to start using this exx script on all my Debian
computers.
Thanks,
SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
Reply to: