If a person gains access to your account, it's already too late to
stop anything. They can change your shell to a trojaned one, install a
keylogger, remove something from the path variable to manipulate it, etc.
This is what I would do:

Scenario #1: Console login

Vulnerability: A person could gain access to the current user you have
logged in/su'ed in. They also gain possible sudo privileges.
Solution: Login. Type exec screen -S "vt<n>", when temporarily
finished with a session detach said screen session using Ctrl+a+d.
Your screen session can be resumed by logging back in and doing exec
screen -S "vt<n>" -r. Note that the -S parameter is optional and
specifies session name. If you didn't know, exec should tell the shell
to not fork and exec but just exec, thus overwriting itself and
therefore when the program ends ending your session.

Scenario #2: X session

Vulnerability: A person could gain access to the current user you have
logged in as, and any terminals you have open.
Solution: Login. Type exec startx. When temporarily finished lock
session with xlock (or some similar solution). See above for exec
definition.

And don't forget to lock; it is the rule. For me, it's a habit, if
I so much as turn my back to the computer, to type Ctrl+x (a keybind I
have to lock session) :)

Oh, and have at least three users:

root
admin account (can su to root, some other privileges. group staff)
user account (can't su to root, maybe not to anyone else. group users)

Login to admin account only if you need it, and from that login to
root only if you need it. Then, at least you don't have whole system
compromise.

On 25/05/05, Mike <[EMAIL PROTECTED]> wrote:
> Jason Opperisano wrote:
> > On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote:
> >
> >>would be easy to get password or something else.
> >
> >
> > if $bad_person has the ability to modify your user's or the system-wide
> > shell initialization files, why exactly would they need to steal your
> > password at that point?
> >
> > -j
> >
> > --
> > "Brian: Congratulations, Peter. You're the Spalding Gray of crap."
> >         --Family Guy
> >
> >
>
> I was just thinking that maybe my friend is a bad person or double agent
> or maybe the janitor is clever and attacks silently in that time when I'm
> going to the bathroom and the one time I forget to lock my desktop, then
> all is lost and disaster is there.
>
>

--
Adam Gleave
[ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]
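
The exec behaviour described in the message above, as an added example that is not part of the original message: /bin/sh and true stand in (as assumptions) for the login shell and for screen or startx, to show that an exec'd program takes over the shell's process and leaves no shell behind when it exits.

```shell
#!/bin/sh
# Added illustration: a login shell that forks a program versus one that
# replaces itself with exec. sh/true are stand-ins for the login shell and
# for screen or startx.

# Prints "<shell pid> <program pid>" for a program started the normal way.
# The trailing ':' stops the shell from turning its last command into an exec.
pids_forked() {
    sh -c 'printf "%s " "$$"; sh -c "echo \$\$"; :'
}

# Same, but the shell execs the program: one process, so one PID.
pids_execed() {
    sh -c 'printf "%s " "$$"; exec sh -c "echo \$\$"'
}

# What is left on the terminal once the program exits?
# Forked: the shell carries on, so anyone at the console gets a prompt.
after_exit_forked() {
    sh -c 'true; echo "shell prompt is back"'
}

# Exec'd: nothing after exec ever runs, so the session ends with the program.
after_exit_execed() {
    sh -c 'exec true; echo "shell prompt is back"'
}

set -- $(pids_forked)
echo "forked: shell=$1 program=$2"
set -- $(pids_execed)
echo "exec:   shell=$1 program=$2"
echo "after forked program exits: '$(after_exit_forked)'"
echo "after exec'd program exits: '$(after_exit_execed)'"
```
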

