Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

Jakub Piotr Cłapa loc at toya.net.pl
Wed Jul 14 12:11:10 PDT 2004


Alan Cox wrote:
> On Mer, 2004-07-14 at 17:55, Jakub Piotr Cłapa wrote:
> 
>>But there is a problem with a mallicious user killing a logged in session.
>>
>>The exclusive keyboard would allow us to configure programs used for 
>>logging in (mingetty, xdm) and make sure no other processes can capture 
>>passwords. It seems secure to me and definitely more flexible than any 
>>builtin kernel login demons.
> 
> You also have to know that the "mingetty" you are looking at is the real
> thing. 

If it is not it won't receive any keypresses in the special mode.

> Thats one thing SAK solves definitively. With regards to
> killing sessions, SAK is assuming console access so the user is also
> typically capable of removing the power, putting an axe through the
> monitor and a number of other hard to defend techniques for killing
> logged in sessions.

It is possible to secure the hardware. We are not talking about typical 
cases, because these are mostly single-user, private installations.

-- 
Regards,
Jakub Piotr Cłapa



More information about the xorg mailing list