startx considered harmful

jdavidb on 2002-01-10T22:58:37

So everyone knows when you install most UNIX distros, you can choose to start up in graphical or text mode. If you come in on text mode, you run startx to start the Xwindow system (possibly plus gnome, KDE, etc.). I've always preferred just having the computer boot into graphical login mode.

For the record, these two modes are different runlevels. Text login mode is 3 (I think) and graphical login mode is 5 (I think). (Probably depends on your distro, though. This is RedHat 7.x.) So you can switch between them with the telinit command.

Now, I've been learning wonderful lessons from building my own Linux systems from scratch. This is a concept I'd sort of refer to as a "distributionless" Linux; you install a distro, download source packages, make a new, empty, pristine partition, and start compiling. Or, if you're a real hacker, you get Tom's root boot on a floppy, boot, fdisk and mkfs your whole hard drive, download gcc, and compile like that.

So after you've done all this, you get to compile and install X yourself. (Not to mention a desktop like Gnome or KDE. If you want.) In learning things (boy have I been learning), I learned that the X server starts up on the first available virtual console terminal. I further learned that you could switch back to the text virtual terminals with control-alt-F\d .

So, after thinking about that for a few days, I suddenly had a brainstorm today. I locked my X session (started with startx) and hit control-alt-F1. Lo and behold, there was the virtual terminal from which I had run startx. It was still running startx as me, too. I could background it or kill it if I wanted. I could get to a shell prompt and be me. Or someone else could've walked over to my locked terminal, gotten to a shell prompt, and been me. Ouch.

This is a new experience to me. Until recently I've used the graphical login, so I've never had to use startx. The guy next to me, though, prefers his system to boot in text mode. So imagine his surprise when I walked over today, said, "Let me check something," punched control-alt-F1 on his system (safely locked and running a Matrix screensaver), backgrounded his startx, and started typing away! All this time we thought everything was secure, anyone could've walked up and broken into who knows what.

After thinking about this, the best solution seems to be the graphical login runlevel. But, for those who prefer startx, we got a workaround: $ startx & exit. This will background the startx and immediately log out. Just make sure you aren't logged in on any other terminals.

Sigh. Maybe I'll go do a google search and see who else has had this problem.
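As an added example (not from the post or any of the replies), here is a small POSIX shell wrapper that applies the same idea as the `startx & exit` workaround: it first checks `who` for other logins by the same user (the caveat about being logged in elsewhere), then replaces the login shell with `exec startx` so that switching back to the text VT finds no shell to resume. The `other_logins` helper, `launch_x`, and `SAMPLE_WHO` are constructed for this example; `exec startx` is a commonly used alternative to `startx & exit`, not something the post itself recommends.

```shell
#!/bin/sh
# Hypothetical wrapper, written for this example, not part of the original post.

# List terminals (other than the current one) where a user is logged in.
#   $1: who(1)-style output, one login per line (user, tty, time...)
#   $2: user name to look for
#   $3: the current tty (e.g. tty1), which is excluded from the result
other_logins() {
    printf '%s\n' "$1" | awk -v u="$2" -v cur="$3" '$1 == u && $2 != cur { print $2 }'
}

# Sample who(1) output, constructed for this example.
SAMPLE_WHO='jdavidb  tty1   2002-01-10 14:02
jdavidb  tty2   2002-01-10 14:05
alice    pts/0  2002-01-10 14:10'

# Start X from a text VT without leaving a usable shell behind.
# Run this from the login shell on the VT (it is only defined here, not called).
launch_x() {
    user=$(id -un)
    cur=$(tty | sed 's,^/dev/,,')
    extra=$(other_logins "$(who)" "$user" "$cur")
    if [ -n "$extra" ]; then
        # A locked X session would not help if another VT still has a shell.
        printf 'refusing to start X: still logged in on %s\n' "$extra" >&2
        return 1
    fi
    # exec replaces this shell with startx; when X exits, the VT returns to getty.
    exec startx
}
```

Running `launch_x` on a VT where the same user also holds tty2 prints the refusal and returns 1 instead of starting X.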


Heh...

djberg96 on 2002-02-13T19:54:53

I tried this on my neighbor's computer - you're right! Holy crap!

I couldn't seem to background his startx though - I mean I could see the terminal but it didn't seem to accept any signals (Ctrl-Z, etc).

Still, something worth knowing. :)

Re:Heh...

jdavidb on 2002-02-15T18:39:31

Another fun thing for Mac users. When I got my new iBook and put Debian on it, I tested and thought it was immune to this. Then I discovered that in console mode, open-apple is the alt key, while in X mode, option (which has "alt" as an alternate label) is the alt key.

Yeah, this startx thing is quite a security hole, isn't it? Except, truly, it's more of a feature than a bug. (I find it useful on the laptop.)

I never would've found it if I hadn't been poring through X documentation. (I compiled my own Linux (LFS) and then put X and Gnome on it myself the hard way. Fun!)