Erik Hemdal wrote: >> Erik Hemdal wrote: >> >>> On the gnome-list, a posting noted that one can bypass the >> screensaver >>> anyway with CTRL-ALT-F1, so logging in as root is dangerous. But I >>> tried this, and while I can bypass the screensaver, I still >> must log in >>> to my virtual terminals. So no loss of security. >> If root did a graphical login, you're right. >> >> But if root has started the X session with "startx" in one of >> the virtual >> terminal, you can go to that virtual terminal, do a Ctrl-C (killing X) >> and get a root shell. > > I tried your idea and you're right, of course. Launching X via startx is > insecure because it does nothing to secure root's original login shell. But > preventing root from locking the screen doesn't make this "startx" case more > secure. I just replied to "I still must log in", saying that in some cases you don't have to. The fact that all users can lock their X session, but root can't, it's completely unreasonable from a security point of view. So, I agree with you. It can be argued that the locked screen is not a good security measure and can be worked around doing this or doing that, but in any case the problem is that root is *missing a defense* for some unexplained reason. Best regards. -- Roberto Ragusa mail at robertoragusa.it
