Re: bypass xlock/slock
Alexandre Ratchov (2015-03-09 11:30 +0100): On Mon, Mar 09, 2015 at 10:25:28AM +0100, Alex Greif wrote: Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? starting X with exec startx prevents ^C from returning to the shell Another solution: startx lock -np
Re: bypass xlock/slock
On 3/9/15, Tim van der Molen tb...@xs4all.nl wrote: Another solution: startx lock -np This is the method I use, as well.
Re: bypass xlock/slock
Thus said Alex Greif on Mon, 09 Mar 2015 10:25:28 +0100: - run X session with startx Run: exec startx Instead. Andy -- TAI64 timestamp: 400054fdc9c3
Re: bypass xlock/slock
Alexandre Ratchov wrote: On Mon, Mar 09, 2015 at 10:25:28AM +0100, Alex Greif wrote: Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? starting X with exec startx prevents ^C from returning to the shell Note that if you log out of the console, you give up ownership of /dev/drm so the pretty spinning gears won't be as pretty. you can use lock to lock a terminal.
Re: bypass xlock/slock
On Mon, Mar 09, 2015 at 10:25:28AM +0100, Alex Greif wrote: Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? starting X with exec startx prevents ^C from returning to the shell
Re: bypass xlock/slock
On Mon, 9 Mar 2015 03:30:44 -0600 Abel Abraham Camarillo Ojeda acam...@verlet.org wrote: On Mon, Mar 9, 2015 at 3:25 AM, Alex Greif a...@greifdesign.net wrote: Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? thanks, Alex you could run xdm(1)... this is probably the best option, but if you really want to start x that way use tmux(1): $ tmux startx and then type 'control-b d' to detach, and log out.
Re: bypass xlock/slock
On Mon, Mar 9, 2015 at 10:30 AM, Abel Abraham Camarillo Ojeda acam...@verlet.org wrote: On Mon, Mar 9, 2015 at 3:25 AM, Alex Greif a...@greifdesign.net wrote: Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? thanks, Alex you could run xdm(1)... alias startx='exec /usr/X11R6/bin/startx'
Re: bypass xlock/slock
thanks for the tips/answers, I will use xdm in future Alex.
Re: bypass xlock/slock
On Mon, Mar 09, 2015 at 03:30:44AM -0600, Abel Abraham Camarillo Ojeda wrote: On Mon, Mar 9, 2015 at 3:25 AM, Alex Greif a...@greifdesign.net wrote: Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? thanks, Alex you could run xdm(1)... xdm would start X as user _x11 which in turn makes impossible for programs to use shared memory to display images.
Re: bypass xlock/slock
On Mon, Mar 9, 2015 at 3:25 AM, Alex Greif a...@greifdesign.net wrote: Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? thanks, Alex you could run xdm(1)...
