From owner-freebsd-security Fri Oct 25 16:23:40 1996
Date: Fri, 25 Oct 1996 17:25:44 -0600 (MDT)
From: Brandon Gillespie
To: security@freebsd.org
Subject: console locking in X windows..
Sender: owner-security@freebsd.org

I don't know if this has been brought up before, but most people get a false sense of security by using 'xlock' or similar programs to lock their X display while away from their console. However, it is likely they started X with 'startx'. If it was started with 'xdm' this problem is not relevant. Otherwise, all a person has to do is type 'CTRL-ALT-F1' to get back to the text-console they ran startx from (or the appropriate Fn key), and type ^Z. The X-server is then suspended and they have full access to the user's shell.

Simple fix: alias 'startx' to 'exec /usr/X11R6/bin/startx'

I realize this problem is not as 'impacting' as others may be, and is not necessarily specific to FreeBSD, but it does exist nonetheless 8) I would even go so far as to suggest a default alias in /etc/profile and /etc/csh.cshrc, in release versions.

-Brandon Gillespie
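
An audit check for the condition described in the message above, added here as an example and not part of the original post: it reads process listings and reports any startx whose parent is still an interactive shell on the text console, which is the case the 'exec' alias removes. The function names, the "PID PPID TTY ARGS" input layout and the sample process table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Input: one process per line as "PID PPID TTY ARGS..." (assumed layout,
# e.g. `ps -ax -o pid,ppid,tty,args` with the header line removed).
# Output: "TTY SHELL_PID SHELL_ARGV0" for every startx that was launched
# without exec, i.e. whose parent is a shell waiting on the console.
startx_exposed() {
    awk '
    {
        pid = $1; ppid[pid] = $2; tty[pid] = $3; cmd[pid] = $4
        # startx is a script, so it shows up as argv[0] or as the
        # first argument of its interpreter (/bin/sh startx).
        for (i = 4; i <= 5 && i <= NF; i++) {
            f = $i; sub(/^.*\//, "", f)
            if (f == "startx") startx[pid] = 1
        }
    }
    END {
        for (p in startx) {
            parent = ppid[p]
            name = cmd[parent]
            sub(/^.*\//, "", name)   # strip any path
            sub(/^-/, "", name)      # login shells appear as "-csh"
            if (name ~ /^(sh|bash|csh|tcsh|ksh|zsh)$/)
                printf "%s %s %s\n", tty[parent], parent, cmd[parent]
        }
    }' | sort
}

# Constructed sample: ttyv0 ran plain `startx` from a login shell,
# ttyv1 ran `exec startx`, so the shell was replaced by startx itself.
sample_ps() {
cat <<'EOF'
201 1 ttyv0 login
210 201 ttyv0 -csh
233 210 ttyv0 /bin/sh /usr/X11R6/bin/startx
240 233 ttyv0 xinit /home/alice/.xinitrc --
202 1 ttyv1 login
250 202 ttyv1 /bin/sh /usr/X11R6/bin/startx
255 250 ttyv1 xinit /home/bob/.xinitrc --
EOF
}

sample_ps | startx_exposed   # prints: ttyv0 210 -csh

# The alias from the post, in each shell's syntax:
#   /etc/profile    : alias startx='exec /usr/X11R6/bin/startx'
#   /etc/csh.cshrc  : alias startx 'exec /usr/X11R6/bin/startx'
```
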