root "login" xterm to increase security?

Zenaan Harkness zen at freedbms.net
Wed Sep 19 19:30:27 PDT 2018


On Wed, Sep 19, 2018 at 07:07:28AM -0400, John Newman wrote:
> On Sun, Sep 16, 2018 at 11:15:56PM -0400, grarpamp wrote:
> > Any search will bring basic stuff like
> > 
> > https://insecure.org/sploits/xsecurekeyboard_fequent_query.html
> > https://www.techrepublic.com/blog/linux-and-open-source/three-features-you-may-not-know-xterm-has/
> > http://tutorials.section6.net/home/basics-of-securing-x11
> > https://www.reddit.com/r/openbsd/comments/83adcn/does_openbsd_x11_not_have_security_problems/
> > 
> > Whether xorg, wayland, xenocara, drivers, ttys, init, login, getty,
> > etc are receiving any level of scrutiny, audits, fuzzing, code
> > scans, etc. The more ancient and obscure it is, the less people look,
> > and all the above are exactly that.
> > Even mashing kbd on a FreeBSD can throw console into
> > unrecoverable must kill state.
> > And people talk how trust X?
> 
> There is always a trade-off between security and usability. If not X (or
> wayland, which I've only tinkered with), then what? I use tty programs
> everywhere I can, e.g. mutt for email, irssi, etc - but gotta have
> graphical UI sometimes.

Also, tty is relatively space inefficient, especially on modern "high
res" monitors where many xterms can be laid out to provide an
efficient workspace - yet X (poor security) or Wayland (better?) is
required to make use of all those columns and rows, and probably few
these days would live without some GUI programs (browser, word
processor, video/tube viewer).

When bitbanging your tty subsystem pretty well guarantees lockup, we
can say we've a long way to go for robust "secure" systems …
notwithstanding the hardware issues so visible today.



More information about the cypherpunks mailing list