On Tue, Mar 05, 2002 at 08:04:19AM +0200, Shlomi Fish wrote:
>
> I always considered Run Level 5 as a very bad idea, which I'll never want
> to use. However, I recently run into a dillema here at the Computer
> Networks farm. If I start X from the console and lock it, then a malicious
> user can switch to the console from which it was invoked, press Ctrl+C or
> Ctrl+Z and gain my permissions.
>
> Naturally, there are ways to overcome it:
>
> 1. Using vlock -a on one of the virtual consoles. This renders the
> computer useless except for telnetting/sshing into.
>
> 2. Using screen to run "startx" in the background. This will require to
> hack a simple shell alias to do in style. However, I noticed that using it
> my sound eventaully became non-functional for some reason. It's probably a
> bug of some sort, but I have better things to do with my time than to try
> and sort it out.
>
> 3. Using Run-Level 5. That way, no virtual console are needed to invoke
> the X-server.
>
> I eventually decided to go with option #3, because it is the simplest, and
> surprisngly the most enivronmentally friendly. Obviously, if I replace my
> screen or my video card here I'll have to remember to revert to
> Run-Level 3.
>
> Note that I'm still not going to use Run-Level 5 at my home computer
> because none of my family is a malicious user like that AFAIC, nor do I
> lock the X server. And there, I do face the possibility of a sudden change
> in hardware in which case I'd still like to be able to invoke X only on
> demand.
My 2 agorot:
I made xdm not start an X server (comment the last line in
/etc/X11/xdm/Xservers) and have written an init.d script that runs
'X -query localhost' in a loop with a 'sleep 30' between them.
That way, if X fails to start, I have 30 seconds to log in and
kill the script.
(Well, actually at work I did something more compilcated. If anyone
is interested, I can share my scripts).
Even though off-topic, I would like to here people's opinions
on the matter (as obviously will Shlomi, and I guess others).
Didi
>
> Regards,
>
> Shlomi Fish
>
>
>
> ----------------------------------------------------------------------
> Shlomi Fish [EMAIL PROTECTED]
> Home Page: http://t2.technion.ac.il/~shlomif/
> Home E-mail: [EMAIL PROTECTED]
>
> "Let's suppose you have a table with 2^n cups..."
> "Wait a second - is n a natural number?"
>
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
