Security: Securing X

(last edit: 2000-11-22)

Problem: You don't want to log out of X and the prompt every time you leave your computer.

Solution: Install xlock from '/usr/ports/x11/xlockmore'. Now just type 'xlock' and a really ugly screensaver is started, which is locked with your login password. At the bottom of the screen your .signature file is displayed.

But there is a security hole here! When a person hits CTRL+ALT+BACKSPACE, X will be killed (including xlock) and this person will be at your prompt with you still logged in. A simple 'startx' will start X again, and now xlock has been bypassed. OK, the apps/connections you had open are killed, but still...

You can solve this by starting X as follows:

    user@host:~# exec startx

From the FreeBSD 3.3 man page: "The exec family of functions replaces the current process image with a new process image."

When you start a program with exec, the old process is transformed into the new process. So if you start 'exec vi' from an xterm, the xterm process will be transformed into a vi process. Kill your vi and you kill your xterm, because the xterm process doesn't exist anymore.

When you type '$ ps -axj' you'll see something like:

    USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
    user 39358     1 39358 8809c0    0 IWs+  v0    0:00.00 (sh)
    user 39404 39358 39358 8809c0    0 IW+   v0    0:00.00 (xinit)

PPID is the Parent Process ID. As you can see, xinit, which is the program that starts X, has the same PGID as sh.

Situation without exec:

    USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
    user 39466 39465 39466 8a4f80    0 Is    p3    0:00.21 zsh
    user 41159 39466 41159 8a4f80    1 S+    p3    0:00.15 xterm

As you can see, the PGID is different now.

See also the section Xautolock/xlock for more info.
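The difference between 'startx' and 'exec startx' can be checked without touching a real X session. The script below is an added example, not part of the original tip: 'sleep 30' is a constructed stand-in for the X server, killing it stands in for CTRL+ALT+BACKSPACE, and the names prompt_exposed and FAKE_X are made up for this illustration.

```shell
#!/bin/sh
# Constructed stand-ins: 'sleep 30' plays the X server, and killing it
# plays CTRL+ALT+BACKSPACE. None of this touches a real X session.

# The stand-in records its own PID, then becomes 'sleep 30'.
FAKE_X='echo $$ > "$1"; exec sleep 30'

# prompt_exposed MODE  (MODE is "plain" or "exec")
# Returns 0 if the launching shell is still alive after the stand-in is
# killed (someone would land at a logged-in prompt), 1 otherwise.
prompt_exposed() {
    dir=$(mktemp -d) || return 2
    pidfile=$dir/x.pid
    marker=$dir/back-at-prompt
    if [ "$1" = exec ]; then
        # Like 'exec startx': the shell is replaced by the stand-in.
        sh -c 'exec sh -c "$1" fake_x "$2"; : > "$3"' \
            login "$FAKE_X" "$pidfile" "$marker" &
    else
        # Like plain 'startx': the shell waits, then carries on.
        sh -c 'sh -c "$1" fake_x "$2"; : > "$3"' \
            login "$FAKE_X" "$pidfile" "$marker" &
    fi
    login_pid=$!
    tries=0
    while [ ! -s "$pidfile" ] && [ "$tries" -lt 50 ]; do
        sleep 0.1
        tries=$((tries + 1))
    done
    kill "$(cat "$pidfile")" 2>/dev/null || true   # "CTRL+ALT+BACKSPACE"
    wait "$login_pid" 2>/dev/null || true
    if [ -e "$marker" ]; then exposed=0; else exposed=1; fi
    rm -rf "$dir"
    return "$exposed"
}

for mode in plain exec; do
    if prompt_exposed "$mode"; then
        echo "$mode: shell survived, prompt exposed"
    else
        echo "$mode: shell gone, no prompt left behind"
    fi
done
```

In the plain case the launching shell runs its next command after the stand-in dies, which is the logged-in prompt described above; in the exec case there is no shell left to return to.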
