Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Xorg and X11 forwarding via ssh
On Thu 19 Jun 2008 at 08:25:35 +0200, Michael van Elst wrote:
> For some environments this might be ok, but in general, you need to
> use xdm or create a cookie manually with xauth.
There is another advantage to starting X from xdm, that I noticed.
If you start X manually with "startx", and someone has physical access
to your screen/keyboard, even having a screen locker does not protect
you against the attacker accessing a shell as you.
They can switch to text consoles, in particular the one you started X
from, and suspend the whole X server and thereby get access to a shell
running as you.
If you start from xdm or similar, there is no such shell available.
-Olaf.
-- 
___ Olaf 'Rhialto' Seibert      -- You author it, and I'll reader it.
\X/ rhialto/at/xs4all.nl        -- Cetero censeo "authored" delendum esse.
Home |
Main Index |
Thread Index |
Old Index