TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Security Tidbit
Hello All,
I recently learned a little security tidbit that I found interesting,
and thought I'd pass it along.
When I start my X session, I simply type "startx" at the prompt after
I've logged into the machine. When I step away from my desk, or for
that matter go home for the night, I assumed that because I was running
a password "protected" screensaver, that I was somewhat protected.
(In most cases however, if an attacker has physical access your in
pretty big trouble anyhow...)
What happens if they walk up, and press <CTL><ALT><BKSP>?? Well, it
kills X, and dumps you right into your logged in "console" sessioni!!!
I wasn't very comfortable knowing it was _THAT_ easy...
One way to slow them down a bit is to disable that function in the
XF86Config file (I think it's the "DontZap" option?), but I still wanted
a way to get out of X should things get "funny"...
A co-worker of mine suggested that when she starts her X session, rather
than simply typing "startx", she does "exec startx". When you
<CTL><ALT><BKSP> out of X when started that way, it will dump you to a
login prompt rather than your logged in console prompt.
Most of you veterans probably already knew this, but for the purpose of
general education I thought it was worth saying.
And yes, like I said, if the potential attacker has physical access to
your box, you're pretty much screwed in most cases. But, the approach
above should help deter simple stuff...??
I like starting security discussions anyway, because I always
learn a lot from the resulting discussions.
Thoughts, comments, etc??
Scott K. Johnson
seker@uswest.net