First, I do not believe there is s problem with switching consoles as each sonsole is the users responsibility, but if they secure their consoles and xwin and you can end around it with a default config there is a problem. Microsoft got tore up about being able to ctrl-alt-del and end tasking the screen saver to avoid the password issue. It is a serious security hole, and, because of that should not be the default configuration, even if it is fixable. Someone only has to miss it on one system once and a security breach can occur. Using a graphical (give me a break) manager is surely not an acceptable solution. I hate MS and it makes me happy to hear them get slapped around when a ridiculous default config causes a major security hole. So, the same standard needs to be applied here...especially when you know who is watching and looking for anything to discredit a real OS to better leverage their sub-standard trash code. Andy -----Original Message----- From: strangeat_private [mailto:strangeat_private] Sent: Friday, June 28, 2002 7:32 PM To: William N. Zanatta Cc: vuln-devat_private Subject: Re: Possible flaw in XFree? On Fri, Jun 28, 2002 at 02:34:01PM -0300, William N. Zanatta wrote: > Firstly, thank you for the answers. But... > > You have explained how to start X without letting my console opened > and that Ctrl-Alt-Backspace is a feature. I already know that. The > problem I see is: once the X session is locked, it is suposed to LOCK > the system and don't let anyone just press Ctrl-Alt-Backspace and take > it down. Also it shouldn't let people switch to console by > Ctrl-Alt-Fx. If it can't have such behavior, using xlock and stuffs > like that isn't justified. > > Got it?? I'm not discussing on whether to run X by xdm, or by > console, or even disabling 'DontZap'. I'm talking about one doing > things when it shouldn't. Unix/Linux is a multiuser system. If a user had the ability to lock the system against anyone else, I would call that a bug. As it is, a user has the ability to lock its sessions. That's the purpose of xlock and likes. And if the same user or another user has the ability to switch to a new console and start its own X server or shell, I call that a multiuser system. So, as I see it, one is doing things as it should... Regards, Luciano Rocha
This archive was generated by hypermail 2b30 : Sat Jun 29 2002 - 10:02:01 PDT