Re: Am I missing something or is this a HUGE security flaw?

1998-05-07 Thread Truxton King Fulton II 
Colin Telmer <[EMAIL PROTECTED]> writes:

another method is to use "exec startx".

-Truxton

> On Tue, 5 May 1998, Joey Hess wrote:
> 
> > Luiz Otavio L. Zorzella wrote:
> > > This is a no-answer. Starting X from the console is a valid -- and
> > > even prefered, IMHO -- way of starting X. If I *need* to use xdm, I'll
> > > always have to have the memory-eating "X", which seems unaceptable for
> > > me, if I'm not using X.
> > 
> > Ok, I should have provided more detail.
> > 
> > Don't start X that way - if you must start it from the console, you can use
> > "startx & ; exit" to start it and logout. Or something along those lines.
> 
> Not much of a difference, but if I recall before I started using xdm, try
> 
> (startx &); exit
> 
> lockvc could be used but then you still leave yourself logged in on a vc
> and another program protecting it. If you are memory economizing, I would
> suggest the above. Cheers, Colin.
> 
> --
> Colin Telmer, Ottawa, Ontario, Canada
> 
> 
> 
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Am I missing something or is this a HUGE security flaw?

1998-05-06 Thread Colin Telmer 
On Tue, 5 May 1998, Joey Hess wrote:

> Luiz Otavio L. Zorzella wrote:
> > This is a no-answer. Starting X from the console is a valid -- and
> > even prefered, IMHO -- way of starting X. If I *need* to use xdm, I'll
> > always have to have the memory-eating "X", which seems unaceptable for
> > me, if I'm not using X.
> 
> Ok, I should have provided more detail.
> 
> Don't start X that way - if you must start it from the console, you can use
> "startx & ; exit" to start it and logout. Or something along those lines.

Not much of a difference, but if I recall before I started using xdm, try

(startx &); exit

lockvc could be used but then you still leave yourself logged in on a vc
and another program protecting it. If you are memory economizing, I would
suggest the above. Cheers, Colin.

--
Colin Telmer, Ottawa, Ontario, Canada




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Am I missing something or is this a HUGE security flaw?

1998-05-06 Thread Joey Hess 
Luiz Otavio L. Zorzella wrote:
> This is a no-answer. Starting X from the console is a valid -- and
> even prefered, IMHO -- way of starting X. If I *need* to use xdm, I'll
> always have to have the memory-eating "X", which seems unaceptable for
> me, if I'm not using X.

Ok, I should have provided more detail.

Don't start X that way - if you must start it from the console, you can use
"startx & ; exit" to start it and logout. Or something along those lines.

If you log in at the console, lock X, and are able to get back to your old
login, this is hardly a bug in X. You might want to look at using lockvc as
well.

-- 
see shy jo


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Am I missing something or is this a HUGE security flaw?

1998-05-06 Thread Luiz Otavio L. Zorzella 
Joey Hess writes:
 > Luiz Otavio L. Zorzella wrote:
 > > If someone told me he could enter in my accout if I left my screen
 > > locked I would say he's nuts, but that's exactly what I found out.
 > > 
 > > It is a simple combinated use of X and xlock when xdm isn't used.
 > > 
 > > How? Let's say someone simply locks his computer with xlock.
 > > 
 > > All you need to do is change to text virtual console 1 with
 > > CTRL-ALT-F1 (or whatever console X was started in) and press
 > > CTRL-C. That will kill X and give you the person's login.
 > > 
 > > Am I missing something?
 > 
 > Don't start X that way.
 >

This is a no-answer. Starting X from the console is a valid -- and
even prefered, IMHO -- way of starting X. If I *need* to use xdm, I'll
always have to have the memory-eating "X", which seems unaceptable for
me, if I'm not using X.

-- 
Luiz Otavio L. Zorzella Product Engineer
[EMAIL PROTECTED]  http://www.conexware.com


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Am I missing something or is this a HUGE security flaw?

1998-05-06 Thread Joey Hess 
Luiz Otavio L. Zorzella wrote:
> If someone told me he could enter in my accout if I left my screen
> locked I would say he's nuts, but that's exactly what I found out.
> 
> It is a simple combinated use of X and xlock when xdm isn't used.
> 
> How? Let's say someone simply locks his computer with xlock.
> 
> All you need to do is change to text virtual console 1 with
> CTRL-ALT-F1 (or whatever console X was started in) and press
> CTRL-C. That will kill X and give you the person's login.
> 
> Am I missing something?

Don't start X that way.

-- 
see shy jo


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]