root "login" xterm to increase security?

John Newman jnn at synfin.org
Wed Sep 19 04:07:28 PDT 2018


On Sun, Sep 16, 2018 at 11:15:56PM -0400, grarpamp wrote:
> Any search will bring basic stuff like
> 
> https://insecure.org/sploits/xsecurekeyboard_fequent_query.html
> https://www.techrepublic.com/blog/linux-and-open-source/three-features-you-may-not-know-xterm-has/
> http://tutorials.section6.net/home/basics-of-securing-x11
> https://www.reddit.com/r/openbsd/comments/83adcn/does_openbsd_x11_not_have_security_problems/
> 
> Whether xorg, wayland, xenocara, drivers, ttys, init, login, getty,
> etc are receiving any level of scrutiny, audits, fuzzing, code
> scans, etc. The ancient and obscure it is, the less people look,
> and all the above are exactly that.
> Even mashing kbd on a FreeBSD can throw console into
> unrecoverable must kill state.
> And people talk how trust X?

There is always a trade-off between security and usability. If not X (or
wayland, which I've only tinkered with), then what? I use tty programs
everywhere I can, e.g. mutt for email, irssi, etc - but gotta have
graphical UI sometimes.

-- 
GPG fingerprint: 17FD 615A D20D AFE8 B3E4  C9D2 E324 20BE D47A 78C7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20180919/13659730/attachment.sig>


More information about the cypherpunks mailing list