Re: Lock Screen as root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Erik Hemdal wrote:
>> Erik Hemdal wrote:
>>
>>> On the gnome-list, a posting noted that one can bypass the 
>> screensaver
>>> anyway with CTRL-ALT-F1, so logging in as root is dangerous.  But I
>>> tried this, and while I can bypass the screensaver, I still 
>> must log in
>>> to my virtual terminals.  So no loss of security.
>> If root did a graphical login, you're right.
>>
>> But if root has started the X session with "startx" in one of 
>> the virtual
>> terminal, you can go to that virtual terminal, do a Ctrl-C (killing X)
>> and get a root shell.
> 
> I tried your idea and you're right, of course.  Launching X via startx is
> insecure because it does nothing to secure root's original login shell.  But
> preventing root from locking the screen doesn't make this "startx" case more
> secure.

I just replied to "I still must log in", saying that in some cases you don't
have to.

The fact that all users can lock their X session, but root can't, it's
completely unreasonable from a security point of view.
So, I agree with you.

It can be argued that the locked screen is not a good security measure and
can be worked around doing this or doing that, but in any case the problem is
that root is *missing a defense* for some unexplained reason.

Best regards.
-- 
   Roberto Ragusa    mail at robertoragusa.it


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux