on Sat, Mar 03, 2001 at 08:06:30AM +0100, Jonathan Gift ([EMAIL PROTECTED]) wrote: > kmself@ix.netcom.com wrote: > > > > Yes, launching X from a console w/o securing (or exiting) the console > > session is a security hole. However, securing or exiting the console > > session is trivial. > > > > I had just taken xlock off yesterday and i read this thread first thing > this morning. Good timing. The problem was that I didn't see any point > in having it on if anyone could pres ctrl-alt-bs and at the console. So > if I want a secure X environment, what are my choices? > > 1. XDM? > 2. Secure the console before? You mention above it being trivial. How > can one do it?
Launch X. Kill your console session. In one swell foop if possible.
In my case, the specific command I use is:
$ startx -- :1 1>.startx.log 2>&1 & exit
...and in my case, it works. Not sure why it doesn't for others, though
a 'nonup' may work. On my laptop, I wrote the following bash function
to simplify invoking X. In this case, the invocation is:
$ gostartx; exit
The function:
function gostartx
{
# Wed Feb 7 14:44:04 EST 2001
# Standard X startup -- we choose display :1
# Practice safe X.
if [ $# -eq 0 ];
then disp=1
else disp=$1
fi
if test -f /tmp/.X${disp}-lock; then
if test -d /proc/$( cat /tmp/.X${disp}-lock | sed -e '/ */s///' );
then
echo "X session already running on display :$disp" 1>&2
exit 1
else
echo -e "Removing stale lockfile...\c"
if rm /tmp/.X1-lock; then
echo "Succes"
else
echo "Failed" 1>&2
return 1
fi
fi
fi
As for why I don't use an X display manager, well, I wrote an essay on
that topic: http://kmself.home.netcom.com/Linux/FAQs/xdm-disable.html
...and, on my laptop, one of the problems is that it Just Doesn't Work®
and I Didn't Want To Fsck With It Any More®.
Cheers.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
pgpgDFc3rTtZn.pgp
Description: PGP signature
