Lock Screen as root

[Erik Hemdal]

> Erik Hemdal wrote:
> 
> > On the gnome-list, a posting noted that one can bypass the 
> screensaver
> > anyway with CTRL-ALT-F1, so logging in as root is dangerous.  But I
> > tried this, and while I can bypass the screensaver, I still 
> must log in
> > to my virtual terminals.  So no loss of security.
> 
> If root did a graphical login, you're right.
> 
> But if root has started the X session with "startx" in one of 
> the virtual
> terminal, you can go to that virtual terminal, do a Ctrl-C (killing X)
> and get a root shell.

Thank you Roberto,  I was beginning to think that maybe I had grown an extra
head or something that made others not want to answer the question.  Or
maybe this is another bit of GNOME design wisdom that is just
incomprehensible to me and obvious to everyone else.  I appreciate that you
took the time to try to explain a dangerous case.

I tried your idea and you're right, of course.  Launching X via startx is
insecure because it does nothing to secure root's original login shell.  But
preventing root from locking the screen doesn't make this "startx" case more
secure.  And preventing locking after root does a graphical login _does_
make the system a bit less secure; particularly when the Preferences GUI
says root can do it.  

Certainly, you don't want to routinely do this.  But this behavior seems
inconsistent to the point of being a defect.  I can understand that there
might be a security hole if the screensaver has to make connections to what
might be a remote X server (I can remember at least one system on which X
would fail to start if the network interface was unterminated).  But if this
is so dangerous, why not prevent graphical root logins altogether?

I'm still in the hunt for a good explanation of the behavior, so I'll keep
looking.

Erik

> 
> Best regards.
> -- 
>    Roberto Ragusa    mail at robertoragusa.it