On Tue, 5 Mar 2002, Adi Stav wrote: > On Tue, Mar 05, 2002 at 08:04:19AM +0200, Shlomi Fish wrote: > > > > I always considered Run Level 5 as a very bad idea, which I'll never want > > to use. However, I recently run into a dillema here at the Computer > > Networks farm. If I start X from the console and lock it, then a malicious > > user can switch to the console from which it was invoked, press Ctrl+C or > > Ctrl+Z and gain my permissions. > > > > Naturally, there are ways to overcome it: > > Oh, just use "exec startx" instead of "startx", and the attacker will > have no login shell left to attack.
But the legitimate user will be left with no login shell to use If there is any problem with the X server: you'll be logged-out One of the advantages of using startx is that you can execute other commands. by 'exec startx' you are making this atvantage mute. > > "startx >startx.log 2>&1 </dev/null & exit" if you don't want to leave > startx on the tty either. That is sort of what xdm does, too. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
