[xgk]dm hackery.
Ben Scott
dragonhawk at gmail.com
Thu Jun 1 12:25:01 EDT 2006
On 6/1/06, Steven W. Orr <steveo at syslang.net> wrote:
> Boris Badinoff comes along. BB types "Ctl-Alt-F1" ...
There are directives you can put in the X server config file that
disable console switching and zapping (immediate X server shutdown via
[CTRL]+[ALT]+[BACKSPACE] or similar). I also seem to recall that some
xlock-type programs manage to tell the X server to disable those magic
keystrokes when they lock the screen.
> Is it possible for BB to be able to do anything with the machine (short of
> sticking a cd in and rebooting) in scenario 2 to get control of that
> user's account?
In theory, scenario #2 is safe. User never logged in on the text
console, so there's no leftover session to reuse. The only attack
surface is xlock and the X server itself, so there would have to be
some kind of bug or backdoor in one of those. Some systems *might*
let you zap the X session, but at most, Freddy's just lost his login
session, not given BB access to his account.
Ken D'Ambrosio's comments about physical access should be foremost, though.
-- Ben
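
The X server config directives mentioned in the reply above can be audited mechanically. This is an added example, not part of the original thread: it assumes the directives meant are the xorg.conf(5) `ServerFlags` options `DontVTSwitch` and `DontZap` (the post does not name them), and the sample configs are constructed.

```python
import re

# xorg.conf(5) boolean spellings; an Option given without a value means true.
TRUE = {"", "1", "on", "true", "yes"}
FALSE = {"0", "off", "false", "no"}
WANTED = ("dontvtswitch", "dontzap")  # assumed directives: no VT switch, no zap

def norm(name):
    # Option names are case-insensitive; whitespace and underscores are ignored.
    return re.sub(r"[\s_]", "", name).lower()

def server_flags(conf_text):
    """Return {normalized option name: bool} for every ServerFlags section."""
    flags, in_flags = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'(?i)section\s+"([^"]*)"', line)
        if m:
            in_flags = norm(m.group(1)) == "serverflags"
            continue
        if re.match(r"(?i)endsection\b", line):
            in_flags = False
            continue
        m = re.match(r'(?i)option\s+"([^"]*)"(?:\s+"([^"]*)")?', line)
        if not (in_flags and m):
            continue
        name, val = norm(m.group(1)), (m.group(2) or "").strip().lower()
        if val not in TRUE | FALSE:
            continue  # unrecognised value: treat the option as not set
        on = val in TRUE
        if name.startswith("no") and name[2:] in WANTED:
            name, on = name[2:], not on  # "NoDontZap" negates DontZap
        flags[name] = on
    return flags

def missing_hardening(conf_text):
    """List the wanted options that are absent or switched off."""
    flags = server_flags(conf_text)
    return [opt for opt in WANTED if not flags.get(opt, False)]

# Constructed sample configs, not taken from the thread.
WEAK = 'Section "ServerFlags"\n  Option "DontZap" "off"\nEndSection\n'
HARDENED = ('Section "ServerFlags"\n'
            '  Option "DontVTSwitch" "on"\n'
            '  Option "Dont_Zap"  # no value means true\n'
            'EndSection\n')

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "missing:", missing_hardening(conf) or "nothing")
```

Options set outside a `ServerFlags` section are ignored by this check, so a `DontZap` placed in a `Device` section still counts as missing.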