XFREE86 Console Hacking

Summary
Description:You can often break out of a Xlock session from the console with <CTRL><ALT><Backspace>. You can also do <CTRL><ALT><F1> and then ^C (sometimes ^Z works better) to get to a shall.
Author:Roman Garcia <nykros@sol.info.unlp.edu.ar>
Compromise:Obtain interactive shell as the user who used 'startx' to start an X session
Vulnerable Systems:XFree86 sessions started with startx from a shell, rather than with XDM
Date:1 April 1997
Details


From R.E.Wolff@BitWizard.nl Sat May  3 01:55:01 1997
Date: Tue, 1 Apr 1997 09:01:06 +0200 (MET DST)
From: Rogier Wolff <R.E.Wolff@BitWizard.nl>
Reply-To: linux-security@redhat.com
To: Roman Garcia <nykros@sol.info.unlp.edu.ar>
Cc: linux-security@redhat.com
Subject: [linux-security] Re: X-Windows security hole?

Roman Garcia wrote:
> 
> Hi,

> Maybe I found a hole in the security on Linux running X-Windows.
> Supose that you logged as root. If you locks the screen (at least
> using openwindows+virtual desktop and xlock), anybody can press
> <Ctrl><Alt><Backspace>, that kills the xserver, giving the root
> prompt in the console. You can disable this in the XF86Config file,
> but anybody can press <Ctrl><Alt><Fn> and then <Ctrl><C> killing the
> xserver and giving the root prompt.

> How can disable <Ctrl><Alt>F_n>? Are there other ways to get root
> prompt?  How much secure is xlock?

> Thanks in advance. Roman Garcia.

There was talk about allowing a config option to disable console
switching on the XFree list. I don't rember wether that was added or
not, and what the option would be.

There are several ways to prevent the "root" access you describe.
You could use "xdm". That way nobody has to login on a VC to start
X. If you don't have enough memory to allow running xdm all the time,
you can type 
	exec startx
instead of the normal "startx". This should log you out as soon as 
the X server quits. 

					Roger.

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]