Friday, 25 July 2008

Safer startx

Many people claim one should be using a display manager for starting one's X session. One oft cited reason to do so is that when you use startx to fire it up, a malicious person could just circumvent any lock you may have put on your X-session by [ctrl]-[alt]-[←]'ing the server and then being dropped to the console.
However, you can just use the following command:

This will exit your session once startx exits. Since X traps all signals, switching to the tty and trying to suspend it won't work.
There's one catch though: my default shell (zsh) will warn you about programs you may still have running in the same shell before exiting and thus prevent the exit command from actually doing its job. So you should be careful about this, or just alias startx so that it first turns off the offending shell option.
This is, of course, also handy for safely giving away restricted prompts to other users (su someuser comes to my mind).

If someone knows a reason this is not safe, please tell me :-)

Edit: I initially thought the pun in this post's title would work only in German, but it appears to be OK for English, too. Thanks to ke for pointing this out.


I'm such a jerk. Just use the shell's built-in exec. Sheesh.


ke said...

"Safer sex" (a comparative, of course) is used in English alongside "safe sex". And I think that is what was imported into German.

adimit said...

Yeah, I forgot to change that in the post - my first impression was motivated by Google: I forgot to log in and it redirected me to, giving mostly German results. Something I hate with a passion about Google. Just because I'm in Germany it doesn't mean I want my results in German. Good thing doesn't do such things, so I've switched to using mostly goosh ;-)