> Erik Hemdal wrote:
>
> > On the gnome-list, a posting noted that one can bypass the screensaver
> > anyway with CTRL-ALT-F1, so logging in as root is dangerous. But I
> > tried this, and while I can bypass the screensaver, I still must log in
> > to my virtual terminals. So no loss of security.
>
> If root did a graphical login, you're right.
>
> But if root has started the X session with "startx" in one of the virtual
> terminals, you can go to that virtual terminal, do a Ctrl-C (killing X)
> and get a root shell.

Thank you Roberto, I was beginning to think that maybe I had grown an extra head or something that made others not want to answer the question. Or maybe this is another bit of GNOME design wisdom that is just incomprehensible to me and obvious to everyone else. I appreciate that you took the time to try to explain a dangerous case.

I tried your idea and you're right, of course. Launching X via startx is insecure because it does nothing to secure root's original login shell. But preventing root from locking the screen doesn't make this "startx" case more secure. And preventing locking after root does a graphical login _does_ make the system a bit less secure; particularly when the Preferences GUI says root can do it. Certainly, you don't want to routinely do this. But this behavior seems inconsistent to the point of being a defect.

I can understand that there might be a security hole if the screensaver has to make connections to what might be a remote X server (I can remember at least one system on which X would fail to start if the network interface was unterminated). But if this is so dangerous, why not prevent graphical root logins altogether?

I'm still in the hunt for a good explanation of the behavior, so I'll keep looking.

Erik

> Best regards.
> --
> Roberto Ragusa mail at robertoragusa.it