Re: Xorg and X11 forwarding via ssh

[Rhialto <rhialto%falu.nl@localhost>]

On Thu 19 Jun 2008 at 08:25:35 +0200, Michael van Elst wrote:
> For some environments this might be ok, but in general, you need to
> use xdm or create a cookie manually with xauth.

There is another advantage to starting X from xdm, that I noticed.

If you start X manually with "startx", and someone has physical access
to your screen/keyboard, even having a screen locker does not protect
you against the attacker accessing a shell as you.

They can switch to text consoles, in particular the one you started X
from, and suspend the whole X server and thereby get access to a shell
running as you.

If you start from xdm or similar, there is no such shell available.

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert      -- You author it, and I'll reader it.
\X/ rhialto/at/xs4all.nl        -- Cetero censeo "authored" delendum esse.