Bug 1956

Summary: Any user can launch X even if not logged on at console!!
Product: [Retired] Red Hat Linux
Reporter: Chris Evans <chris>
Component: XFree86
Assignee: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 6.0
Keywords: Security
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 1999-04-07 23:40:35 UTC

Description Chris Evans 1999-04-02 18:22:58 UTC
This is irritating if nothing else. Why should a user be
able to telnet in, type "startx", and affect the console?

As a quick hack around this "Xwrapper" could be modified to
reject the request to start up X unless the process is on a
virtual console (tty1 etc.)
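
The console check proposed in the description, as an added example that is not part of the original report and is not Xwrapper's or Red Hat's code. It assumes Linux device numbering (virtual consoles tty1..tty63 are character devices with major 4, minors 1..63); the helper names are hypothetical.

```c
/* Added example: refuse to proceed unless stdin is a Linux virtual console.
 * Assumption: tty1..tty63 are character devices with major 4, minors 1..63.
 * /dev/tty0 is major 4 minor 0, serial ttyS* use major 4 minors 64 and up,
 * and pseudo-terminals (telnet/ssh sessions) use other majors. */
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>

#define VC_MAJOR       4
#define VC_MINOR_FIRST 1
#define VC_MINOR_LAST  63

/* Hypothetical helper: 1 if (maj, min) names a virtual console, else 0. */
int devnum_is_virtual_console(unsigned int maj, unsigned int min)
{
    return maj == VC_MAJOR && min >= VC_MINOR_FIRST && min <= VC_MINOR_LAST;
}

/* Hypothetical helper: 1 only if fd is a terminal backed by tty1..tty63.
 * The check uses fstat() on the descriptor itself rather than a path from
 * ttyname(), so it does not depend on names under /dev. */
int fd_is_virtual_console(int fd)
{
    struct stat st;

    if (!isatty(fd))
        return 0;                       /* pipes, files, bad descriptors */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
        return 0;
    return devnum_is_virtual_console(major(st.st_rdev), minor(st.st_rdev));
}

int main(void)
{
    if (!fd_is_virtual_console(STDIN_FILENO)) {
        fprintf(stderr, "refusing to start X: not on a virtual console\n");
        return 1;
    }
    puts("stdin is a virtual console; a wrapper would start the X server here");
    return 0;
}
```

Run from a telnet or ssh session, the program exits with status 1 because stdin is a pseudo-terminal.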

Comment 1 michael 1999-04-05 00:42:59 UTC
This isn't a real security problem per se. I've had occasion
to use this 'feature' in the past.

Comment 2 Preston Brown 1999-04-05 20:30:59 UTC
If we have time, we may implement a check for if the user is on the
console for 6.0, but it really isn't a security concern.  If someone
does this to you, you call them up and get mad at them. :)

If it doesn't make 6.0, it will make post-6.0.

Comment 3 Michael K. Johnson 1999-04-05 20:43:59 UTC
In particular, when this happens, it will be done by pamifying
xwrapper and making it authenticate against pam_console by default.
Then folks can add whatever other authentication they want -- like
pam_time, for example...

Comment 4 Michael K. Johnson 1999-04-07 23:16:59 UTC
OK, I got time I didn't expect so I did this in time for 6.0 :-)
Now sysadmins can set their own policy here without recompiling.
Preston, go ahead and close this once the code is built into our
XFree86 package.

Comment 5 Preston Brown 1999-04-07 23:40:59 UTC
This will be included in XFree86- and later.