[Xorg] OLS and console rearchitecture: second pass

Jon Smirl jonsmirl at yahoo.com
Thu Jul 29 18:10:24 PDT 2004


Message from  yahoo.com.
Unable to deliver message to the following address(es).

<xorg-xserver at freedesktop.org>:
131.252.208.82 does not like recipient.
Remote host said: 550 <xorg-xserver at freedesktop.org>: Recipient address
rejected: User unknown in 
local recipient table
Giving up on 131.252.208.82.

--- Original message follows.

Return-Path: <jonsmirl at yahoo.com>
Message-ID: <20040730005227.44446.qmail at web14924.mail.yahoo.com>
--- Ely Levy <elylevy at cs.huji.ac.il> wrote:
> Hey,
> I remember a while ago there was a talk about locking one of the
> devices
> so only one user can open it. This to prevent anyone else (even with
> root
> accesss?) from seeing your screen.
> is it still planned? is it solved by some other way?

I don't think there is any way to lock out root. Root can always open
/dev/mem and get to the framebuffer. Even if we lock that down, root
can modprobe in their own device driver.

It should be possible to lock out non-root users.

SE Linux should provide more control over what root can do, but I don't
know enough about it. If you figure out how to lock out root please let
me know.

> Another thing was the discussion about making sure that you are
> entering
> your login to X or console and not to some trojan.
> Does it address this as well?

Alan Cox says this is covered but I'm not clear on how he is going to
achieve it.




=====
Jon Smirl
jonsmirl at yahoo.com


	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 



More information about the xorg mailing list