On Fri 21 Mar 2014 at 12:37:57 -0400, Steve Litt of Troubleshooters.Com wrote:
> On Fri, 21 Mar 2014 11:06:03 +0000 > Robin <rc.rattusrat...@gmail.com> wrote: > > > I may have missed something. If someone has physical access to your > > machine can't they just power off and go into single user mode and > > change the root password? > > Unless you have a BIOS password or encrypted root partition (or > encrypted partition where /etc resides), yes. The OP's point was that > those things take 5 minutes, whereas killing X started by startx gives > the guy a logged-in command prompt in about 5 seconds, especially if > Ctrl+Alt+Backspace is enabled to instantly kill X. I'm having difficulty seeing any inherent "insecurity" in startx (or in sudo for that matter) and crediting the OP's two points with any particular importance. Firstly, a logged-in command prompt is there without killing X and secondly you don't need to leave X to kill X. Giving anyone free run of your account can lead to anything happening unless you take steps to avoid it. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140321175408.gd4...@copernicus.demon.co.uk