Re: [blfs-support] pcre-8.30 Fernando de Oliveira Mon Feb 13 08:00:40 2012

Bruce, thank you very much for the replies.

On 12-02-2012 19:17, Bruce Dubbs wrote:
> Fernando de Oliveira wrote:
>> I used to do that for months (or even years?) until one day I read
>> about security issues if not using a dm, 
> That seems pretty lame.  You only need to do Ctrl-Alt-F2 to get to a 
> login prompt unless there have been changes to the default inittab.

I think I found one of the pages I saw long ago about this:


> Warning: Note that there is a significant security difference when using 
> plain startx instead of a login manager. Thus you run startx from your shell 
> you are always able to switch from X (usually on tty7) back to tty1 
> (Ctrl+Alt+F1) and gain control over the user shell even when the screen is 
> locked (e.g. via XScreenSaver, i3lock, alock-svn or lualock-git). A solution: 
> replace exec startx with exec nohup startx > .xlog & vlock. This will start 
> X, redirect the print out to ~/.xlog and lock the shell. Of course you need 
> to install vlock first.<

And it is related to your comment above, but to my understanding, in the 
opposite sense. Funny thing, I tried it in the VM running LFS "svn 7.0" (X, but 
no dm, no vm-tools), LFS 6.8 (my default machine, where I am writing this 
post, LXDE/LXDM, open-vm-tools), and got the new login prompt, but, to my 
surprise, in the *host*!!! So, agreement with Bruce.

>> and installed slim. I have
>> spent about an hour now, trying to find it if it was on Arch or
>> Gentoo, without success. As I do not have much security knowledge, I
>> believed it.
> I'd like to see that rationale.  Most dm instances are a bigger problem 
> because they usually enable XDMCP by default.

Part already answered above. I do not know what "XDMCP" is, but searching for 
the page referred to above, I saw references to this. Later, I will read about 

At the moment, what is more important to me is: what would be a reasonably 
secure way to start X? At the moment, I am using "startx" from 
".bash_profile" at LFS "svn 7.0" and LXDM on the other LFS's.

The wiki.archlinux.org page has another warning, about "/etc/inittab":

> Warning: This method will not use /bin/login or register your session, 
> therefore no session will appear in who or w. Your session will also not be 
> authorized as 'local' by ConsoleKit, so you will be unable to 
> shutdown/suspend/reboot or mount drives without using sudo or su.<

>> Also, I notice that most linux distros use one.
> Most distros pander to the computer illiterate.
>    -- Bruce

LOL. I had to look for the definition of "pander". I do not know how computer 
(il)literate to classify myself.

Thanks very much for the attention, again. Much appreciated.
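
The situation the quoted wiki warning describes, as an added example that is not part of the original post: a shell function that classifies each tty by whether a shell is still sitting behind an X session started from it. The function name, the verdict labels and the sample process list are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function name, verdict labels
# and the sample process list are assumptions made for illustration.

# Reads `ps -eo tty=,comm=` style lines on stdin and prints one line per tty
# from which X was started with startx/xinit:
#   exposed  - a shell is still attached to that tty behind the X session
#   locked   - vlock is running on that tty (the workaround quoted above)
#   no-shell - no shell left on the tty (e.g. started with "exec startx")
audit_x_ttys() {
    awk '
        $1 == "?" { next }                      # no controlling terminal
        $2 == "startx" || $2 == "xinit" { x[$1] = 1 }
        $2 ~ /^(bash|sh|dash|zsh|ksh)$/ { shell[$1] = 1 }
        $2 == "vlock" { lock[$1] = 1 }
        END {
            for (t in x) {
                if (t in lock)       v = "locked"
                else if (t in shell) v = "exposed"
                else                 v = "no-shell"
                print t, v
            }
        }
    ' | sort
}

# Constructed sample: three console logins that each started X differently.
SAMPLE_PS='tty1 bash
tty1 startx
tty1 xinit
tty2 bash
tty2 startx
tty2 xinit
tty2 vlock
tty3 startx
tty3 xinit
tty7 Xorg
tty8 Xorg
? dbus-daemon'

# On a live system: ps -eo tty=,comm= | audit_x_ttys
printf '%s\n' "$SAMPLE_PS" | audit_x_ttys
```

A tty reported as "exposed" is one where Ctrl+Alt+Fn leads back to a shell even while the X screen locker is active.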

