On Fri, 23 Mar 2012 22:30:40 -0400
Nick Holland <n...@holland-consulting.net> wrote:
> On 03/23/12 22:02, Brett wrote:
> > On Sat, 24 Mar 2012 02:43:53 +0100
> > Henning Brauer <lists-open...@bsws.de> wrote:
> >
> >> * Brett <brett.ma...@gmx.com> [2012-03-24 01:56]:
> >> > > its normal behaviour. from xorg.conf(5):
> >> > >
> >> > > Option "DontZap" "boolean"
> >> > > This disallows the use of the Terminate_Server XKB action
> >> > > (usually on Ctrl+Alt+Backspace, depending on XKB options).
> >> > > This action is normally used to terminate the Xorg server. When
> >> > > this option is enabled, the action has no effect. Default: off.
> >> >
> >> > Would it make sense for this to be the "secure by default" default?
> >>
> >> how exactly is preventing yourself from killing your own X server
> >> increasing security again?
> >>
> >
> > By stopping anyone wandering by my desk (or the cat) from pressing a few
> > buttons and getting into a console.
>
> IF you are logging in at the console, then starting X, yes. There are a
> few ways to get back to the console.
>
> However, if you are relying on xlock to keep people off your system, you
> will want to use DontZap or use xdm to start X, rather than logging in,
> starting X and leaving a console running.
>
> Note that if you are leaving a console logged in then starting X, a
> CTRL-ALT-F1 (through F4) may take you somewhere you aren't expecting to
> be able to get, DontZap or no DontZap.
>
> Nick.
>
Till now I falsely assumed that ctrl+alt+f1 behaved as ctrl+alt+{f2-f4}, and
went to a login: prompt. Sorry for the noise, DontZap on by default will not
improve security.
I always used startx, will try out xdm. And shutdown my computers more often!
Brett.
