On Thursday 14 February 2008 16:39:55 Michael A. Peters wrote:
> Anne Wilson wrote:
> > In security terms, is there any difference between ending a session
> > (logout of X) and locking a session?
> >
> > Anne
>
> If I understand what you are asking - yes.
> By lock session, you mean "Lock Screen" ??
>
> If you just lock the session - your user is still the console user and
> has permission to write to certain device nodes. When you log out, your
> user gives up those permissions.
>
> [mpeters@athens ~]$ ls -l /dev/ |grep mpeters |wc -l
> 29
> [mpeters@athens ~]$
>
> That's 29 device nodes that I have permission on because I am the
> console user. When I log out, they revert to default (typically root)
> ownership.
>
> For example - lock your screen and ssh in from elsewhere - then run the
> eject command. The CD tray should shoot out (unless you have a slot
> loader ...)
>
> Log out at the console and try it - it will fail:
>
> [mpeters@athens ~]$ ssh jerusalem
> mpeters@jerusalem's password:
> Last login: Tue Feb 12 01:55:49 2008 from 192.168.15.100
> [mpeters@jerusalem ~]$ eject
> eject: unable to open `/dev/hdc'
> [mpeters@jerusalem ~]$
>
> There also are some userspace daemons that often start up when you are
> logged in (IE in gnome) that exit when you actually log out.

Thanks, Michael. Yes, this is the sort of info that I was looking for. Of
course a remote user would need to get my ssh passphrase to do anything, then
again, to use the root password for most things. However, I guess that once
again the biggest risk is physical access to the box, since running a
different session would still be possible. That's only the same, though, as
being logged out, I think. Have I got the situation roughly right?

Anne
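Added example, not part of the original thread: a Python sketch of the check Michael describes, recording who owns each device node under /dev and comparing a snapshot taken while the screen is locked with one taken after logout. It matches on the owner uid only, where `grep mpeters` would also match group or file names; the function names, the uid 500 and the two sample snapshots are constructed for illustration.

```python
import os
import stat

# Constructed snapshots: path -> (owner uid, mode). uid 500 is a made-up console user.
LOCKED = {"hdc": (500, 0o600), "dsp": (500, 0o600), "null": (0, 0o666)}
LOGGED_OUT = {"hdc": (0, 0o600), "dsp": (0, 0o600), "null": (0, 0o666)}


def snapshot_owners(root="/dev", devices_only=True):
    """Map each entry under root to (owner uid, permission bits)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # node disappeared between listing and stat
            is_dev = stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode)
            if stat.S_ISLNK(st.st_mode) or (devices_only and not is_dev):
                continue
            snap[os.path.relpath(path, root)] = (st.st_uid, stat.S_IMODE(st.st_mode))
    return snap


def owned_by(snap, uid):
    """Paths in a snapshot whose owner is uid."""
    return sorted(p for p, (owner, _mode) in snap.items() if owner == uid)


def reverted(before, after, uid):
    """Paths uid owned in `before` but no longer owns (or that are gone) in `after`."""
    return sorted(p for p in owned_by(before, uid)
                  if after.get(p, (None, 0))[0] != uid)


if __name__ == "__main__":
    print("constructed example:", reverted(LOCKED, LOGGED_OUT, 500))
    me = os.getuid()
    print(f"nodes under /dev owned by uid {me}:", owned_by(snapshot_owners(), me))
```

This covers only the ownership change described in the thread; on systems that grant console access through ACLs instead, the owner field stays the same and `getfacl` is the tool to check.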