Re: Possible flaw in XFree?

From: strange@nsk.yi.org
Date: 06/29/02 

Date: Sat, 29 Jun 2002 00:32:27 +0100
From: strange@nsk.yi.org
To: "William N. Zanatta" <william@veritel.com.br>

On Fri, Jun 28, 2002 at 02:34:01PM -0300, William N. Zanatta wrote:
> Firstly, thank you for the answers. But...
>
> You have explained how to start X without letting my console opened
> and that Ctrl-Alt-Backspace is a feature. I already know that. The
> problem I see is: once the X session is locked, it is suposed to LOCK
> the system and don't let anyone just press Ctrl-Alt-Backspace and take
> it down. Also it shouldn't let people switch to console by Ctrl-Alt-Fx.
> If it can't have such behavior, using xlock and stuffs like that isn't
> justified.
>
> Got it?? I'm not discussing on whether to run X by xdm, or by
> console, or even disabling 'DontZap'. I'm talking about one doing things
> when it shouldn't.

Unix/Linux is a multiuser system. If a user had the ability to lock the
system against anyone else, I would call that a bug.

As it is, a user has the ability to lock its sessions. That's the purpose
of xlock and likes.

And if the same user or another user has the ability to switch to a new
console and start its own X server or shell, I call that a multiuser
system.

So, as I see it, one is doing things as it should...

Regards,
Luciano Rocha

Relevant Pages

  • FW: Possible flaw in XFree?
    ... when a ridiculous default config causes a major security hole. ... once the X session is locked, ... Also it shouldn't let people switch to console by ... a user has the ability to lock its sessions. ...
    (Vuln-Dev)
  • Re: Possible flaw in XFree?
    ... You have explained how to start X without letting my console opened ... and that Ctrl-Alt-Backspace is a feature. ... Also it shouldn't let people switch to console by Ctrl-Alt-Fx. ...
    (Vuln-Dev)
  • Etch: blank (black) screen, Xorg is running, modes are Ok
    ... the same happens if I switch to a console ... In every case, the system still reacts to ctrl-alt-plus, ctrl-alt-minus and ctrl-alt-backspace (I can hear my TRC display switching scan modes), but there is no image at all - well, there is a very subtle, almost completely dark, glow in the screen, seeming to be the correct desktop scan size, but nothing identifiable. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
    (Debian-User)
  • What when Mandrake 9.1 freeze ?
    ... Sometimes I run movie from the /mnt/cdrom which ... freeze Mandrake and I don't see the mouse or could ... start the console, not even ctrl-alt-backspace helps. ...
    (comp.os.linux)
  • Re: what are some more advanced error collection methods?
    ... I also have an mdraid with 2 disks ... num lock light is on but was off prior to lock up ... Since nothing showed up in the logs and I could not read the console, ... start getting characters from the kernel immediately. ...
    (Linux-Kernel)