[xgk]dm hackery.
Steven W. Orr
steveo at syslang.net
Thu Jun 1 10:00:00 EDT 2006
I have a security question that relates to how to get around xlock. There
are 2 scenarios.
scenario #1: In this case, the system is not configured to run a graphic
login. User Freddy logs in in text mode and then runs startx. While
running his session, he locks the monitor using xlock. He walks away and
Boris Badinoff comes along. BB types "Ctl-Alt-F1" and is taken to the text
window that is running X. He then types Ctl-C and has commandeered the
text login and can do anything that that account allows. Thank you xlock.
scenario #2: In this case, the computer is configured to run at runlevel 5
and Freddy logs in on a graphic login (i.e., xdm, kdm, etc...). BB comes
along and hits Ctl-Alt-F1 and gets taken to the mgetty prompt for
screen1. BB (or is it me) is stuck.
Is it possible for BB to be able to do anything with the machine (short of
sticking a cd in and rebooting) in scenario 2 to get control of that
user's account?
--
Time flies like the wind. Fruit flies like a banana. Stranger things have .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
More information about the gnhlug-discuss
mailing list