Hello! On Tue, Jan 03, 2006 at 03:24:22AM -0800, J.C. Roberts wrote: >My dad (68 years old) has finally succeeded in destroying/infecteding >his MS-Windows NT4 box, in spite of my best efforts to secure the darn >thing (e.g. No MSIE, No "Microsoft Networking", stripped of just about >everything MS-ish and with tons of hand made patches, behind an openbsd >firewall... and so on and so forth). It lasted a good four years in the >hands of a typical user that hates computers, clicks on everything and >still expects everything to "just work" and work properly.
4 years w/o infection isn't that bad for windoze... :-) >[...] >The first thing I did was add a "flag file" to my dad's home directory >and made sure he cant modify or delete it. > # touch /home/dad/.xshutdown > # chown root:wheel /home/dad/.xshutdown > # chmod 400 /home/dad/.xshutdown >Since /etc/X11/xdm/TakeConsole runs with root permission on every user >logout to prevent /dev/console sniffing I modified it to perform the >shutdown if the flag file is found in the users home directory. > # cat /etc/X11/xdm/TakeConsole > #!/bin/sh > # Reassign ownership of the console to root, this should disallow > # assignment of console output to any random users's xterm > # $Xorg: TakeConsole,v 1.3 2000/08/17 19:54:17 cpqbld Exp $ > # $OpenBSD: TakeConsole,v 1.3 2004/11/03 00:22:21 matthieu Exp $ > # > chmod 622 /dev/console > chown root /dev/console > /usr/X11R6/bin/sessreg -d -l $DISPLAY -u /var/run/utmp \ > -x /usr/X11R6/lib/X11/xdm/Xservers $USER > > if [ -f "$HOME/.xshutdown" ]; then > shutdown -hp now > fi > # >This approach works perfectly but my questions are: > Is there anything wrong with this approach? > Is there's a better way to deal with the problem? I know no better way offhand. It looks hacky, but it'll keep working I guess. >I know it's a "holy war" topic, but do you have a recommendation for an >email client he could use? kmail is quite usable and it'll be the mail client best integrated into the rest of your dad's desktop, if he's gonna use the OpenBSD/KDE box. >thanks, >jcr Kind regards, Hannah.