[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 20/08/13 15:20, Migel Wimtore wrote: > I have disabled using the keyboard for console switching from inside X (chvt still > works). And am calling xtrlock with systemd on resume. > > A little Xorg config magic, from the 3rd post here, to disable console switching > keys: http://forums.gentoo.org/viewtopic-t-905252-start-0.html > > On resume X is locked with xtrlock & there is no way to use keyboard shortcuts to > change consoles. > Modifier keys are immediately available on entry of user password in xtrlock. > > As far as I can tell this is a secure solution. > > Though I have lost the use of keys for console switching I can still switch with > chvt & still use alt + F* for console switching from a non X VC. > > Unless anyone else has a 'cleaner' solution, I can live with this setup. > Though, I'm still curious as to how others secure their machines on resume, or > whether they even care that with most screen lockers (X lockers) all non X > consoles are accessible via keyboard shortcuts. Why would you care - the naughty individual who's waited for you to suspend your workstation and walk away (this must be in a non-secured area like a shared office I presume) for lunch before pouncing on your machine, waking it up and then hitting ctrl+alt+Fx to switch to a virtual terminal is immediately going to be presented with a user/password login prompt, right? Right? And surely nobody without official access (fellow workers, the sysadmin, your boss) are going to have those details? Obviously any of them could simply ssh into the machine in the first place, locked or not. I may be missing something but you seem to be conflating different issues here. If you want a secure machine, just follow usual practices. If someone has physical access to my machine and it's running, the last thing I care about is whether or not they can access a VT that's still going to demand a valid login from them (and to which all activity is securely logged to a remote monitoring/logging server). In general, I would add, if you care about security in general stop using resume/suspend completely - admittedly this may be impractical if the machine in question is a laptop that travels about a lot. On the other hand, I'd never come across xtrlock before, and that is pretty cool although I'm really struggling to think of a normal usage case for it, other than leaving my screen locked but obviously showing the results of of an ongoing compile job or something for the PHB to look at but not touch whilst I'm away on a coffee break. A weird but interesting question that you seemed to have solved yourself. Out of curiousity, which distro are you using? Systemd could mean SUSE or Fedora, but I'm guessing either Arch or Gentoo - only Arch or Gentoo users would end up worrying about edge-case bizarre stuff like this :] Regards -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq