Mailinglist Archive: opensuse-security (231 mails)
| < Previous | Next > |
Re: [suse-security] Potential Local User Compromise
- From: Kai Dittmann <Kai@xxxxxxxx>
- Date: Thu, 26 Aug 1999 19:55:29 +0200
- Message-id: <3.0.3.32.19990826195529.009c99b0@xxxxxxxxxxxxxx>
At 11:31 26.08.99 -0600, Ben Livingood wrote:
>In SuSE 6.1 if I start up X from console 1 it starts the Xserver on
>console 7. Even through a locking program if I hit ctrl-alt-f1 I can hop
>back to my old console and then background that process. The security
>problem is if someone local to the machine was to hop on and do the same
>he could gain access to my account, no fuss no muss. Is there a way to
>defeat that bypass other than running @ Level 3 in init.d?
Hmmm maybe a really simple:
#~> startx & exit <enter>
that starts up your X11 and exit from the
current shell immediately after that.
if you do an ctrl-alt-f[1-6] you'll see an ordinary
login-prompt, and the current shell is closed.
just my 2 cents...
--- kai
>In SuSE 6.1 if I start up X from console 1 it starts the Xserver on
>console 7. Even through a locking program if I hit ctrl-alt-f1 I can hop
>back to my old console and then background that process. The security
>problem is if someone local to the machine was to hop on and do the same
>he could gain access to my account, no fuss no muss. Is there a way to
>defeat that bypass other than running @ Level 3 in init.d?
Hmmm maybe a really simple:
#~> startx & exit <enter>
that starts up your X11 and exit from the
current shell immediately after that.
if you do an ctrl-alt-f[1-6] you'll see an ordinary
login-prompt, and the current shell is closed.
just my 2 cents...
--- kai
| < Previous | Next > |