XFREE86 Console Hacking
|Description:||You can often break out of a Xlock session from the console with <CTRL><ALT><Backspace>. You can also do <CTRL><ALT><F1> and then ^C (sometimes ^Z works better) to get to a shall.|
|Author:||Roman Garcia <firstname.lastname@example.org>|
|Compromise:||Obtain interactive shell as the user who used 'startx' to start an X session|
|Vulnerable Systems:||XFree86 sessions started with startx from a shell, rather than with XDM |
|Date:||1 April 1997 |
From R.E.Wolff@BitWizard.nl Sat May 3 01:55:01 1997
Date: Tue, 1 Apr 1997 09:01:06 +0200 (MET DST)
From: Rogier Wolff <R.E.Wolff@BitWizard.nl>
To: Roman Garcia <email@example.com>
Subject: [linux-security] Re: X-Windows security hole?
Roman Garcia wrote:
> Maybe I found a hole in the security on Linux running X-Windows.
> Supose that you logged as root. If you locks the screen (at least
> using openwindows+virtual desktop and xlock), anybody can press
> <Ctrl><Alt><Backspace>, that kills the xserver, giving the root
> prompt in the console. You can disable this in the XF86Config file,
> but anybody can press <Ctrl><Alt><Fn> and then <Ctrl><C> killing the
> xserver and giving the root prompt.
> How can disable <Ctrl><Alt>F_n>? Are there other ways to get root
> prompt? How much secure is xlock?
> Thanks in advance. Roman Garcia.
There was talk about allowing a config option to disable console
switching on the XFree list. I don't rember wether that was added or
not, and what the option would be.
There are several ways to prevent the "root" access you describe.
You could use "xdm". That way nobody has to login on a VC to start
X. If you don't have enough memory to allow running xdm all the time,
you can type
instead of the normal "startx". This should log you out as soon as
the X server quits.
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:
[ Nmap |
Sec Tools |
Mailing Lists |
Site News |