On Fri, 23 Mar 2012 22:30:40 -0400 Nick Holland <n...@holland-consulting.net> wrote:
> On 03/23/12 22:02, Brett wrote: > > On Sat, 24 Mar 2012 02:43:53 +0100 > > Henning Brauer <lists-open...@bsws.de> wrote: > > > >> * Brett <brett.ma...@gmx.com> [2012-03-24 01:56]: > >> > > its normal behaviour. from xorg.conf(5): > >> > > > >> > > Option "DontZap" "boolean" > >> > > This disallows the use of the Terminate_Server XKB action > >> > > (usually on Ctrl+Alt+Backspace, depending on XKB options). > >> > > This action is normally used to terminate the Xorg server. When > >> > > this option is enabled, the action has no effect. Default: off. > >> > > >> > Would it make sense for this to be the "secure by default" default? > >> > >> how exactly is preventing yourself from killing your own X server > >> increasing security again? > >> > > > > By stopping anyone wandering by my desk (or the cat) from pressing a few > > buttons and getting into a console. > > IF you are logging in at the console, then starting X, yes. There are a > few ways to get back to the console. > > However, if you are relying on xlock to keep people off your system, you > will want to use DontZap or use xdm to start X, rather than logging in, > starting X and leaving a console running. > > Note that if you are leaving a console logged in then starting X, a > CTRL-ALT-F1 (through F4) may take you somewhere you aren't expecting to > be able to get, DontZap or no DontZap. > > Nick. > Till now I falsely assumed that ctrl+alt+f1 behaved as ctrl+alt+{f2-f4}, and went to a login: prompt. Sorry for the noise, DontZap on by default will not improve security. I always used startx, will try out xdm. And shutdown my computers more often! Brett.