In SuSE 6.1 if I start up X from console 1 it starts the Xserver on console 7. Even through a locking program if I hit ctrl-alt-f1 I can hop back to my old console and then background that process. The security problem is if someone local to the machine was to hop on and do the same he could gain access to my account, no fuss no muss. Is there a way to defeat that bypass other than running @ Level 3 in init.d? Ben -- To Regret one's Mistakes, Is To Regret One's Experiences -O. Wilde
At 11:31 26.08.99 -0600, Ben Livingood wrote:
In SuSE 6.1 if I start up X from console 1 it starts the Xserver on console 7. Even through a locking program if I hit ctrl-alt-f1 I can hop back to my old console and then background that process. The security problem is if someone local to the machine was to hop on and do the same he could gain access to my account, no fuss no muss. Is there a way to defeat that bypass other than running @ Level 3 in init.d?
Hmmm maybe a really simple: #~> startx & exit <enter> that starts up your X11 and exit from the current shell immediately after that. if you do an ctrl-alt-f[1-6] you'll see an ordinary login-prompt, and the current shell is closed. just my 2 cents... --- kai
I understand there is a program named "vlock" that does what you want -- but be careful, if running the 2.1.x or 2.2.x or 2.3.x series of kernels, the magic sysrq key can bypass that too. On Thu, Aug 26, 1999 at 11:31:24AM -0600, Ben Livingood wrote:
In SuSE 6.1 if I start up X from console 1 it starts the Xserver on console 7. Even through a locking program if I hit ctrl-alt-f1 I can hop back to my old console and then background that process. The security problem is if someone local to the machine was to hop on and do the same he could gain access to my account, no fuss no muss. Is there a way to defeat that bypass other than running @ Level 3 in init.d? Ben -- To Regret one's Mistakes, Is To Regret One's Experiences -O. Wilde
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Seth Arnold Hate spam? See http://maps.vix.com/rbl/ Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
On Thu, 26 Aug 1999, Seth R Arnold wrote:
I understand there is a program named "vlock" that does what you want -- but be careful, if running the 2.1.x or 2.2.x or 2.3.x series of kernels, the magic sysrq key can bypass that too.
But this feature is for debugging only and it is disabled in SuSE kernel config by default... not so with RedHat
On Thu, Aug 26, 1999 at 11:31:24AM -0600, Ben Livingood wrote:
In SuSE 6.1 if I start up X from console 1 it starts the Xserver on console 7. Even through a locking program if I hit ctrl-alt-f1 I can hop back to my old console and then background that process. The security problem is if someone local to the machine was to hop on and do the same he could gain access to my account, no fuss no muss. Is there a way to defeat that bypass other than running @ Level 3 in init.d? Ben -- To Regret one's Mistakes, Is To Regret One's Experiences -O. Wilde
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Seth Arnold Hate spam? See http://maps.vix.com/rbl/ Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = E3 42 DA D1 3B 9C 23 D0 93 1F B8 2E 6B 9A 45 82
participants (4)
-
Ben Livingood -
Kai Dittmann -
Seth R Arnold -
Thomas Biege