Bruce, thank you very much for the replies. Em 12-02-2012 19:17, Bruce Dubbs escreveu: > Fernando de Oliveira wrote: > >> I used to do that for months (or even years?) until one day I read >> about security issues if not using a dm, > That seems pretty lame. You only need to do Ctrl-Alt-F2 to get to a > login prompt unless there has been changes to the default inittab.
I think I found one of the pages I saw long ago about this: https://wiki.archlinux.org/index.php/Start_X_at_Boot > Warning: Note that there is a significant security difference when using > plain startx instead of a login manager. Thus you run startx from your shell > you are always able to switch from X (usually on tt7) back to tty1 > (Ctrl+Alt+F1) and gain control over the user shell even when the screen is > locked (e.g. via XScreenSaver, i3lock, alock-svn or lualock-git). A solution: > replace exec startx with exec nohup startx > .xlog & vlock. This will start > X, redirect the print out to ~/.xlog and lock the shell. Of course you need > to install vlock first.< And it is related to your comment above, but to my understanging, in the opposite sense. Funny thing, I tried it in the VM running LFS "svn 7.0" (X, but no dm, no vm-tools), LFS 6.8 (my default machine, where I am writing this post, LXDE/LXDM, open-vm-tools) , and got the new login prompt, but, to my surprise, in the *host*!!! So, agreement with Bruce. > > and installed slim. I have >> spent about an hour now, trying to find it if it was on Arch or >> Gentoo, without success. As I do not have much security knowledge, I >> believed it. > I'd like to see that rationale. Most dm instances are a bigger problem > because they usually enable XDMCP by default. Part already answered above. I do not know what "XDMCP" is, but searching for the page referred to above, I saw references to this. Later, I will read about this. At the moment, what is more important to me is: what would be a reasonably secure way to start X? At the moment, I am using "startx" from ".bash_profile"at LFS "svn 7.0" and LXDM on the other LFS's. The wiki.archlinux.org page has another warning, about "/etc/inittab": > Warning: This method will not use /bin/login or register your session, > therefore no session will appear in who or w. Your session will also not be > authorized as 'local' by ConsoleKit, so you will be unable to > shutdown/suspend/reboot or mount drives without using sudo or su.< > >> Also, I notice that most linux distros use one. > Most distros pander to the computer illiterate. > > -- Bruce LOL. I had to look for the definition of "pander". I do not know how computer (il)literate to classify myself. Thanks very much for the attention, again. Much appreciated. -- []s, Fernando -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
