XFREE86 Console Hacking

Summary
Description: You can often break out of an Xlock session from the console with <CTRL><ALT><Backspace>. You can also press <CTRL><ALT><F1> and then ^C (sometimes ^Z works better) to get to a shell.
Author: Roman Garcia <nykros@sol.info.unlp.edu.ar>
Compromise: Obtain an interactive shell as the user who used 'startx' to start an X session
Vulnerable Systems: XFree86 sessions started with startx from a shell, rather than with XDM
Date: 1 April 1997
Details


From R.E.Wolff@BitWizard.nl Sat May  3 01:55:01 1997
Date: Tue, 1 Apr 1997 09:01:06 +0200 (MET DST)
From: Rogier Wolff <R.E.Wolff@BitWizard.nl>
Reply-To: linux-security@redhat.com
To: Roman Garcia <nykros@sol.info.unlp.edu.ar>
Cc: linux-security@redhat.com
Subject: [linux-security] Re: X-Windows security hole?

Roman Garcia wrote:
> 
> Hi,

> Maybe I found a hole in the security on Linux running X-Windows.
> Suppose that you logged in as root. If you lock the screen (at least
> using openwindows+virtual desktop and xlock), anybody can press
> <Ctrl><Alt><Backspace>, that kills the xserver, giving the root
> prompt in the console. You can disable this in the XF86Config file,
> but anybody can press <Ctrl><Alt><Fn> and then <Ctrl><C> killing the
> xserver and giving the root prompt.

> How can I disable <Ctrl><Alt><F_n>? Are there other ways to get root
> prompt?  How secure is xlock?

> Thanks in advance. Roman Garcia.

There was talk about allowing a config option to disable console
switching on the XFree list. I don't remember whether that was added or
not, and what the option would be.

There are several ways to prevent the "root" access you describe.
You could use "xdm". That way nobody has to login on a VC to start
X. If you don't have enough memory to allow running xdm all the time,
you can type 
	exec startx
instead of the normal "startx". This should log you out as soon as 
the X server quits. 

					Roger.
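
An audit check for the condition discussed in the thread above, as an added example that is not part of the original posts: it reads a process snapshot and flags any X session that still has a shell waiting behind it, which is the case for plain "startx" but not for "exec startx". The function names, the process names and the sample snapshot are constructed assumptions; it assumes startx appears under its own name in the process list.

```shell
#!/bin/sh
# Added example (not from the original thread): flag X sessions that still
# have a shell waiting behind them on the console.
# Input:  lines of "PID PPID COMM", e.g. from: ps -eo pid=,ppid=,comm=
# Output: one line per xinit process: "<pid> EXPOSED <shell-pid>" or "<pid> OK"
audit_x_parents() {
    awk '
    NF >= 3 { ppid[$1] = $2; comm[$1] = $3 }
    END {
        for (p in comm) {
            if (comm[p] != "xinit") continue
            verdict = p " OK"
            # Walk up the ancestor chain. A shell above xinit means the
            # session was started with plain "startx", so that shell gets
            # the console back when the X server is killed.
            a = ppid[p]; hops = 0
            while ((a in comm) && hops++ < 64) {
                if (comm[a] ~ /^-?(sh|bash|ash|csh|tcsh|ksh|zsh)$/) {
                    verdict = p " EXPOSED " a
                    break
                }
                a = ppid[a]
            }
            print verdict
        }
    }' | sort -n
}

# Constructed sample snapshot (assumed process names, not real output):
#   first console:  login -> bash -> startx -> xinit   (plain "startx")
#   second console: login -> startx -> xinit           ("exec startx")
sample_ps() {
cat <<'EOF'
1 0 init
210 1 login
211 210 bash
300 211 startx
301 300 xinit
302 301 X
220 1 login
400 220 startx
401 400 xinit
402 401 X
EOF
}

sample_ps | audit_x_parents
```

On a live system, feed it `ps -eo pid=,ppid=,comm=` instead of the sample; sessions started by xdm have no xinit process and produce no output.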

This page is part of Fyodor's exploit world.